While these vulnerable tech support tools are primarily geared towards corporate entities such as Time Warner and Comcast, a variety of vulnerabilities have been found in the support tools provided by SupportSoft that can be exploited to run arbitrary code on the vulnerable system. This could mean that your account data with any of these vulnerable firms could be in danger, especially since there are still corporations that have not fixed the problem.

The vulnerable tools are often used by Internet service providers, PC makers and others to provide support functions such as remote assistance, the U.S. Computer Emergency Readiness Team said in an alert published Thursday. The tools, provided by SupportSoft, contain multiple vulnerabilities, it warned.

US-CERT lists nearly 40 companies and other organizations that have shipped the affected software. Some have addressed the problem, while others are still listed as vulnerable or unknown. Those that have yet to fix the SupportSoft issue include IBM and Internet access providers BellSouth, Comcast and Time Warner, it said.

Symantec includes the SupportSoft components in its consumer security products. The Cupertino, Calif.-based company released its own alert on Thursday, along with fixes. The problem is “high” risk, but is mitigated somewhat, because triggering the flaw would require some action on the part of the user, Symantec noted.[more]

Tags: Hackers, Identity Theft