February 26, 2007 1:07 PM PST

Flaws in tech support tools open PCs to attack

Multiple flaws in commonly used technical support tools can open Windows PCs to cyberattack, security experts have warned.

The vulnerable tools are often used by Internet service providers, PC makers and others to provide support functions such as remote assistance, the U.S. Computer Emergency Readiness Team said in an alert published Thursday. The tools, provided by SupportSoft, contain multiple vulnerabilities, it warned.

US-CERT lists nearly 40 companies and other organizations that have shipped the affected software. Some have addressed the problem, while others are still listed as vulnerable or unknown. Those that have yet to fix the SupportSoft issue include IBM and Internet access providers BellSouth, Comcast and Time Warner, it said.

Symantec includes the SupportSoft components in its consumer security products. The Cupertino, Calif.-based company released its own alert on Thursday, along with fixes. The problem is "high" risk, but is mitigated somewhat, because triggering the flaw would require some action on the part of the user, Symantec noted.

"If successfully exploited, this vulnerability could potentially compromise a user's system, possibly allowing execution of arbitrary code or unauthorized access," Symantec said.

The SupportSoft ActiveX controls are essentially small applications that can be run from Microsoft's Internet Explorer. Symantec shipped the vulnerable controls with Norton AntiVirus 2006, Norton Internet Security 2006 and Norton System Works 2006, it said. Symantec's corporate security products are not affected.

The security company worked with SupportSoft on updates and has made those available via the LiveUpdate feature in its products, it said. Additionally, in November 2006, the flawed versions of the ActiveX controls were disabled through LiveUpdate, Symantec said.

SupportSoft has published its own advisory on the issue. The company offers a step-by-step guide to fix the problem, beginning with searching a PC's hard drive for the vulnerable file (tgctlsi.dll) and applying a fix.

The US-CERT recommends the SupportSoft fix, but has found eight additional files are vulnerable and lists those as: tgctlins.dll; sdcnetcheck.dll; tgctlar.dll; tgctlch.dll; tgctlpr.dll; tgctlcm.dll; tglib.dll; tgctlidx.dll. Searching a PC for all the files is the most effective way to determine if a system is vulnerable, the group said.

See more CNET content tagged:
SupportSoft, Symantec Corp., flaw, ActiveX Control, Norton Co.

5 comments

Join the conversation!
Add your comment
ROTFL! (not ab't the flaw, but...)
...to think - when I got Comcast installed @ home, I remamber having to jump through some extra hoops to get all hooked up because I didn't use any of their software "tools" and such to do it (I got Mac and Linux machinery)...


Heh. At least that extra work in the beginning was worth it now - I can go home and kick back today, instead of rushing to the computers in a fearful hurry that something they had me download is somehow gonna expose my boxes.

Sometimes, life is just plain good.

/P
Posted by Penguinisto (5042 comments )
Reply Link Flag
Funny No software needed for my install
That is funny all I did was plug in my modem and it worked. No software install was needed.
Posted by ittech1 (11 comments )
Link Flag
Remote Assistance (consultants view)
I never install those programs for my customers, After all, they consider my ofice the first place to call. Heck, Half of em even call us for their email and remote office passwords. Geez. I can hear it now, why do I have to call QWEST for my internet being down? Whats my password? What do I tell them the problem is?

Then they get tech level I that reads the script, "do you have multiple computers, if so, unplug them all except for 1 from the router" or better "lets clean your cookies and history" :)
Posted by telestarnext (42 comments )
Reply Link Flag
ActiveX is the problem, and is not fixable.
This is what happens when support apps like this use Microsoft technologies, namely ActiveX. This technology is inherently flawed, like all other MS technologies. Until companies like SupportSoft and others get off their lazy arses and use proven non-MS technologies like Java, security problems will always be an issue.
Posted by Microsoft_Facts (109 comments )
Reply Link Flag
Remote Access is Remote Access
Unless they have a fool-proof method to thwart unauthorized use of those same tools... this is just another one of those "I told you so" ordeals.

Any time somebody builds a way to login... they MUST ensure authentication and have the proper security set up to prevent miss use of such remote technology.

Otherwise, they're only asking for a hack.

It's just plain common sense... or in this case... sheere lack there of!!! (* CHUCKLE *)

FWIW
Posted by wbenton (522 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.