Windows XP and Windows Server 2003 hit by "Zero-Day" vulnerability

A vulnerability in the Windows Help and Support Center has recently been discovered and it could allow remote code execution on affected systems.

Only Windows XP and Windows Server 2003 are affected.

Microsoft is aware of targeted attacks currently in progress that exploit the vulnerability. These attacks make use of links on web pages or email messages that use the hcp:// prefix rather than the normal http://.

This vulnerability could allow hackers to take remote control of affected systems.

The HCP protocol is used in Windows to control links in the Help and Support Center. This vulnerability is as a result of Help and Support Center not properly validating links that make use of the HCP protocol.

Microsoft has released a Fix it script that can be run on vulnerable systems to offer protection. Be aware that this script disables all links using the HCP protocol.

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology.

Source:

http://www.zdnet.com/blog/hardware/windows-xp-and-windows-server-2003-hit-by-zero-day-vulnerability/8640?tag=nl.e550