msrcincident invitation file could potentially result in loss of sensitive information," Ahmed warns.Īmong patching other critical vulnerabilities fixed this month, Windows users are highly recommended to install the latest update for Windows Remote Assistance as soon as possible.Quick Assist Alternatives and Similar Software | AlternativeTo (function()() Skip to main contentSkip to site searchPlatformsCategoriesOnlineWindowsAndroidMaciPhoneLinuxiPadAndroid TabletProductivitySocialDevelopmentBackupRemote Work & StudyLoginSign up HomeNetwork & AdminQuick AssistAlternativesQuick Assist AlternativesQuick Assist is described as 'Help family and friends with their PC or get help from them using Quick Assist. "This XXE vulnerability can be genuinely used in mass scale phishing attacks targeting individuals believing they are truly helping another individual with an IT problem. Instead, an attacker would have to convince a user to take action," Microsoft explains. In all cases, an attacker would have no way to force a user to view the attacker-controlled content.
"The stolen information could be submitted as part of the URL in HTTP request(s) to the attacker. Since the parser does not properly validate the content, the attacker can simply send a specially crafted Remote Assistance invitation file containing a malicious payload to the victim, tricking the targeted computer to submit the content of specific files from known locations to a remote server controlled by the attackers.
0 kommentar(er)
