“Zero-Day” vulnerability in Windows XP and Windows Server 2003

A vulnerability in the Windows Help and Support Center, on Windows XP and Windows Server 2003, has recently been discovered and it could allow remote code execution on affected systems.

Microsoft has confirmed that targeted attacks are currently in progress that exploit the vulnerability. These attacks make use of links on web pages or email messages that use the hcp:// prefix rather than the normal http://.

This vulnerability could allow hackers to take remote control of affected systems.  The HCP protocol is used in Windows to control links in the Help and Support Center. This vulnerability is as a result of Help and Support Center not properly validating links that make use of the HCP protocol.

Microsoft has released a Fix it script that can be run on vulnerable systems to offer protection. Be aware that this script disables all links using the HCP protocol.  The fix can be found at http://support.microsoft.com/kb/2219475

Contact CCS Support to Help assess you vulnerability and check that you protection is adequate.

Leave a Reply