Posted by: Ken Harthun
Microsoft, Patch management, Vulnerabilities, Zero-day vulnerability
This was first revealed on June 10, 2010 in Microsoft Security Advisory (2219475). It was updated on June 15th.
Microsoft is investigating new public reports of a possible vulnerability in the Windows Help and Support Center function that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. Microsoft is aware that proof-of-concept exploit code has been published for the vulnerability. Microsoft is also aware of limited, targeted active attacks that use this exploit code.
This problem is related to the HCP protocol. It’s still not patched, but here is a workaround for it:
Unregistering the HCP Protocol prevents this issue from being exploited on affected systems.
Using the Interactive Method
1. Click Start, click Run, type Regedit in the Open box, and then click OK
2. Locate and then click the following registry key: HKEY_CLASSES_ROOT\HCP
3. Click the File menu and select Export
4.In the Export Registry File dialog box, enter HCP_Procotol_Backup.reg and click Save. Note This will create a backup of this registry key in the My Documents folder by default.
5. Press the Delete key on the keyboard to delete the registry key. When prompted to delete the registry key via the Confirm Key Delete dialog box, click Yes.
We hope Microsoft will issue a patch shortly.