MSRC-Windows Help Vulnerability Disclosure

by certifiedbug on June 10, 2010, in Microsoft

The Microsoft Security Response Center (MSRC)
10 Jun 2010

We are aware of a publicly disclosed vulnerability affecting Windows XP and Windows Server 2003. We are not aware of any current exploitation of this issue, and customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 are not vulnerable to this issue or at risk of attack.

This issue was reported to us on June 5th, 2010 by a Google security researcher and then made public less than four days later, on June 9th, 2010. Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk.

Workaround

We will be releasing a security advisory today with additional guidance and our teams are already working to address the core issue. In the meantime, customers can unregister the HCP protocol to protect themselves using the following steps:

1. Click Start, and then click Run.
2. Type regedit, and then click OK.
3. Expand HKEY_CLASSES_ROOT, and then highlight the HCP key.
4. Right-click the HCP key, and then click Delete.

Impact of Workaround: Unregistering the HCP protocol will break all local, legitimate help links that use hcp://. For example, links in Control Panel may no longer work.
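The four regedit steps above, as an added PowerShell example that is not part of the MSRC post or any Microsoft guidance. It scripts the same action (deleting HKEY_CLASSES_ROOT\HCP) for rollout to many machines, and adds two things a practitioner would want: an export of the key beforehand so the workaround can be reversed once the fix ships, and a check afterwards that the handler is really gone. The backup path in $backupFile is an assumption; run it from an elevated prompt.

```powershell
# Added example (not from the MSRC post): scripted form of the HCP workaround.
# Exports the key first so the change is reversible, then deletes it and verifies.
$hcpKey     = 'Registry::HKEY_CLASSES_ROOT\HCP'    # key named in the manual steps
$backupFile = "$env:SystemDrive\hcp-backup.reg"    # assumed backup location

if (-not (Test-Path $hcpKey)) {
    Write-Output 'HCP protocol handler is not registered; nothing to do.'
    return
}

# 1. Back up the key with reg.exe; /y overwrites an existing backup file.
#    "reg.exe import <file>" restores it after the security update is installed.
reg.exe export 'HKCR\HCP' $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Backup of HKCR\HCP failed (exit code $LASTEXITCODE); key not deleted."
}

# 2. Unregister the protocol by deleting the key, exactly as in steps 3-4 above.
Remove-Item -Path $hcpKey -Recurse -Force

# 3. Verify the handler is gone; a remaining key means the workaround did not apply.
if (Test-Path $hcpKey) {
    throw 'HKCR\HCP is still present after deletion.'
}
Write-Output "HCP protocol unregistered; backup saved to $backupFile"
```

The Test-Path check on its own is also a quick way to audit whether a Windows XP or Server 2003 host still has the hcp:// handler registered. To undo the workaround after patching, import the saved .reg file with reg.exe.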

We have initiated our emergency response process and will continue to monitor the threat landscape for any signs of attack against this issue. Our Microsoft Active Protections Program (MAPP) partners have detailed information about this vulnerability and are developing protections where possible.

http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
