Recently it was discovered new-old vulnerability which threatens users Windows XP and Windows Server 2003: through it, anyone can run through remote commands or applications on the respective systems.

The recently discovered vulnerability is closely related to Help and Support Center in Windows XP and Windows Server 2003, more precisely the way links are processed hcp:// (default links for Help and Support Center – helpctr.exe). To achieve the "performance" of a Virusa a computer that run these operating systems, it is enough to visit a page, the danger not being limited only to the clicks that are made on the links on the respective page or e-mail, for example.

Here's what he says Microsoft about this new (actually old...) breach Windows security:

This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. Microsoft is aware that proof-of-concept exploit code has been published for the vulnerability. Microsoft is also aware of limited, targeted active attacks that use this exploit code.

More precisely, the users XP and Server 2003 who usually log in using administrator accounts they are totally exposed to the attacks of "bad guys" who take advantage of this vulnerability in the Help and Supporty Center. Restricted users they are not totally safe from dangers, but due to the fact that it is not allowed to install software permanently and, in addition, the limits of what those programs can do are quite severe, "outsiders" cannot take complete/permanent control over those computers (that's why it is recommended to use administrator accounts only when necessary).

How can we "patch" the vulnerability in the Help and Support Center?

Considering that Microsoft has not yet issued a security update to solve this problem (majora, he adds) and the one who discovered it (Tavis Ormandy, Security Researcher at Google) made it public and the methods in which it can be exploited, it is mandatory to use the temporary solution offered (to) from Microsoft.

Enable this fix	Disable this fix
Fix this problem Microsoft Fix it 50459	Fix this problem Microsoft Fix it 50460

Exactly what does this solve? Disable Help and Support Center (which the vast majority of users do not use anyway), in this way blocking hackers' access to vulnerable computers.

If you don't trust the fix from Microsoft (for various subjective reasons), you can solve the problem yourself, via registers:

• open regedit (Start Menu->Run->regedit) and follow the way HKEY_CLASSES_ROOTHCP
• Click-right on HCP and select Rename, then change its name (in HCP-OFF, for example).
• close regedit (no need to restart)

Note: Regardless of the temporary solution you use to patch the vulnerability, remember that, after Microsoft solves the problem in the true sense of the word, reactivate (only if you absolutely need) the Help and Support Center via Microsoft Fix it or rename the modified key in the registries.

*Windows Vista, Windows Server 2008 and Windows 7 are not affected by the gap in the HCP protocol.