There have been several reports today that a recently-discovered flaw in the Help and Support Center component of Microsoft Windows XP and Server 2003 is being actively exploited. The vulnerability is serious; if a user were to view a maliciously-crafted Web page, or click on a malicious link in an E-mail message, the attacker could remotely execute code with the same privileges as the local user. The attack makes use of the HCP protocol used by the Help and Support Center.
Microsoft has not yet released a fix for this problem; they do, however, have a suggested work-around that disables the HCP protocol. Instructions for doing this manually (which involves editing the Windows Registry — not for the faint of heart) are included in the Security Advisory mentioned above, under the heading “Workarounds”. Alternatively, you can visit this Microsoft Support page, and click on the FixIt link under Enable this Fix. Either of these methods will unregister the HCP protocol, and prevent the exploit from succeeding. The downside of the work-around is that some functions of the Help and Support Center will not work, or crash.
I’ll post another note here if additional information or a patch becomes available.
Random Walks 
[…] are increasing on the vulnerability in Microsoft’s Windows Help and Support Center, which I wrote about a couple of weeks ago. (This particular vulnerability is only present in Windows XP and Server […]
[…] 2003; the second, MS10-043, affects Windows 7 and Server 2008 R2. The first patch addresses the vulnerability in the Help and Support Center, which is currently being actively […]