Windows HCP Flaw: What You Need to Know

From PC World: Anyone running Windows XP or Windows Server 2003 needs to update their registry ASAP.

A critical bug in the Help and Support center was made public recently and Microsoft has neither a fix nor an estimate as to when a fix might be available. Worse still, sample code to exploit the bug is readily available, along with a detailed explanation of the flaw, making it especially easy for bad guys to exploit the vulnerability.

The problem has to do with the way HCP:// links are processed. Normal website links, of course, use HTTP, HCP links are used by the Help and Support Center (helpctr.exe).

You might therefore think that someone would have to click on a link, be it in a web page or an email message, to get infected. But no, simply viewing a web page is all it takes. Microsoft's Security Advisory (2219475) warns "This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser ... "

If the bug is exploited, a bad guy can run software or commands on your computer, as if they were you. The last phrase is important but hasn't been stressed in the articles I've seen on the subject.

Anyone logged on to Windows as an administrator is as vulnerable as a naked newborn baby. Running as a restricted user ("limited" being the term used by Windows XP) does not protect you from the HCP flaw, but it does limit what the malicious software or commands can do on your computer.

Simply put, bad guys can't exploit this bug to install software when you're logged on as a restricted user. They can run malicious software, but the software can't be permanently installed and there are severe limits on what the software can do. That, of course, is the whole idea behind restricted users.

View: Article @ Source Site