Kozick.com Posts

Critical Vulnerability in Windows Help Center

June 30, 2010 by Gjkozick
Home // Security

There’s a pretty bad vulnerability out there with the Microsoft Help function. It has been acknowledged by Microsoft; after having been found by a Google employee. This vulnerability ONLY EXISTS for Windows XP and Windows Server 2003; later versions are NOT affected.

This is important because the guy who announced the vulnerability provided explicit documentation on how the vulnerability could be exploited. It involves the “hcp” protocol handler (like the http:// or ftp:// protocol handlers).

It could take Microsoft up to a month to get a patch out for this.

Sources:

Vulnerability in Help Center could allow remote code execution - Microsoft Support
HCO 0-Day Quick Fix - Steve Gibson's Blog

About the Author

Greg J. Kozick is an experienced IT Professional with experience in many emerging IT technologies. His services are available for hire at http://www.coretechconsulting.com. You can also follow his tech blog The Akron IT Guy. You can contact greg at > greg@kozick.com.

0 Comments // Leave A Comment // Topics: help center, patch, security vulnerabilities, windows, windows server 2003, windows xp

Social Networking