February 26, 2007 1:07 PM PST
Flaws in tech support tools open PCs to attack
The vulnerable tools are often used by Internet service providers, PC makers and others to provide support functions such as remote assistance, the U.S. Computer Emergency Readiness Team said in an alert published Thursday. The tools, provided by SupportSoft, contain multiple vulnerabilities, it warned.
US-CERT lists nearly 40 companies and other organizations that have shipped the affected software. Some have addressed the problem, while others are still listed as vulnerable or unknown. Those that have yet to fix the SupportSoft issue include IBM and Internet access providers BellSouth, Comcast and Time Warner, it said.
Symantec includes the SupportSoft components in its consumer security products. The Cupertino, Calif.-based company released its own alert on Thursday, along with fixes. The problem is "high" risk, but is mitigated somewhat, because triggering the flaw would require some action on the part of the user, Symantec noted.
"If successfully exploited, this vulnerability could potentially compromise a user's system, possibly allowing execution of arbitrary code or unauthorized access," Symantec said.
The SupportSoft ActiveX controls are essentially small applications that can be run from Microsoft's Internet Explorer. Symantec shipped the vulnerable controls with Norton AntiVirus 2006, Norton Internet Security 2006 and Norton System Works 2006, it said. Symantec's corporate security products are not affected.
The security company worked with SupportSoft on updates and has made those available via the LiveUpdate feature in its products, it said. Additionally, in November 2006, the flawed versions of the ActiveX controls were disabled through LiveUpdate, Symantec said.
SupportSoft has published its own advisory on the issue. The company offers a step-by-step guide to fix the problem, beginning with searching a PC's hard drive for the vulnerable file (tgctlsi.dll) and applying a fix.
The US-CERT recommends the SupportSoft fix, but has found eight additional files are vulnerable and lists those as: tgctlins.dll; sdcnetcheck.dll; tgctlar.dll; tgctlch.dll; tgctlpr.dll; tgctlcm.dll; tglib.dll; tgctlidx.dll. Searching a PC for all the files is the most effective way to determine if a system is vulnerable, the group said.
5 commentsJoin the conversation! Add your comment