Security warning over tech support tools

Multiple flaws in commonly used technical support tools can open Windows PCs to cyber attack, security experts have warned.

The vulnerable tools are often used by ISPs, PC makers and others to provide support functions such as remote assistance, the US Computer Emergency Readiness Team (US-Cert) said in an alert. The tools, provided by SupportSoft, contain multiple vulnerabilities, it warned.

US-Cert lists nearly 40 companies and other organisations that have shipped the affected software. Some have addressed the problem, while others are still listed as vulnerable or unknown. Those that have yet to fix the SupportSoft issue include IBM and internet access providers BellSouth, Comcast and Time Warner, it said.

Symantec includes the SupportSoft components in its consumer security products. The company released its own alert last week, along with fixes. The problem is "high" risk but is mitigated somewhat, because triggering the flaw would require some action on the part of the user, Symantec noted.

It said: "If successfully exploited, this vulnerability could potentially compromise a user's system, possibly allowing execution of arbitrary code or unauthorised access."

The SupportSoft ActiveX controls are essentially small applications that can be run from Microsoft's Internet Explorer. Symantec shipped the vulnerable controls with Norton AntiVirus 2006, Norton Internet Security 2006 and Norton System Works 2006, it said. Symantec's corporate security products are not affected.

The security company worked with SupportSoft on updates and has made those available via the LiveUpdate feature in its products, it said. Additionally, in November 2006, the flawed versions of the ActiveX controls were disabled through LiveUpdate, Symantec said.

SupportSoft has published its own advisory on the issue. The company offers a step-by-step guide to fix the problem, beginning with searching a PC's hard drive for the vulnerable file (tgctlsi.dll) and applying a fix.

The US-Cert recommends the SupportSoft fix but has found eight additional files are vulnerable and lists those as: tgctlins.dll; sdcnetcheck.dll; tgctlar.dll; tgctlch.dll; tgctlpr.dll; tgctlcm.dll; tglib.dll; tgctlidx.dll.

Searching a PC for all the files is the most effective way to determine if a system is vulnerable, the group said.

Joris Evers writes for CNET News.com