jump to navigation

Vulnerability in Windows Help Center Could Allow Remote Code Execution June 14, 2010

Posted by Randy Tyler in General.

Microsoft Security Advisory (2219475)

Microsoft is investigating new public reports of a possible vulnerability in the Windows Help and Support Center function that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message.

Affected Software

Windows XP Service Pack 2 and Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems

Workaround refers to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:

Unregister the HCP Protocol: Use the automated Microsoft Fix it solution to enable or disable this workaround found at the following URL: http://support.microsoft.com/kb/2219475

For further information about virtual volunteering, visit Online Volunteering Tips, Technology and Tools or Pioneering Online Volunteering Program Developer Randy Tyler

%d bloggers like this: