Recently discovered new-old vulnerability threatening users Windows XP si Windows server 2003: Through it, anyone can run through remote orders or applications on those systems.
Recently discovered vulnerability is closely related to Help and Support Center in Windows XP yes Windows 2003 server, more precisely the way the links are processed hcp :/ / (Default for links Help and Support Center - helpctr.exe). To achieve "performance" of Virus A computer running these operating systems, it is enough visiting a page, the danger is not limited to clicks adoar that give the links from that page or e-mailFor example.
Here's what he says Microsoft about this new (actually old ...) break in security Windowscommunity:
This vulnerability Could allow remote code execution if a user views a Specially crafted Web page using a Web browser or clicks a link in year Specially crafted email message. Microsoft is aware That proof-of-concept exploit code for the vulnerability has Been Published. Microsoft is also aware of limited, targeted active attacks that use this exploit code.
Specifically, users XP si server 2003 who tend to login using administrator accounts are fully exposed to attacks by "bad guys" who take advantage of this vulnerability in Help and Support Center. Restrict users not abstain totally from danger, but because not allowed to install software permanently and, moreover, the limits of what these programs can be quite severe, "outsiders" can not take complete control / permanent on that computer (so admnistrator accounts are recommended when necessary).
How can we "patch" the vulnerability in Help and Support Center?
Given that Microsoft has not yet released a security update to resolve this problem (Major, so add) and who discovered it (Tavis Ormandy, Google Security Researcher) made public and ways in which it can be exploitedIt is mandatory to use temporary solution offered (All) Microsoft.
|Enable this fix||Disable this fix|
Fix this problem
Microsoft Fix it 50459
Fix this problem
Microsoft Fix it 50460
What exactly solve this? Disable Help and Support Center (Which however the vast majority of users do not use it), thus blocking hackers access to vulnerable computers.
If you do not trust your fix from Microsoft (for various subjective reasons), you can solve the problem alone, via Registry:
- open regedit (Start Menu-> Run-> regedit) And follow the path HKEY_CLASSES_ROOTHCP
- right click on HCP and select RenameThen change its name (in HCP-off, for example).
- close regedit (no need to restart)
Note: No matter what temporary solution you use to patch the vulnerability, remember that after Microsoft solves the problem in the true sense of the word, you can reactivate (only if you must) Help and Support Center via Microsoft Fix it or rename the modified key from the registers.
*Windows Vista, Windows 2008 server yes Windows 7 are not affected by the break in the HCP protocol.