If you are running Windows XP or Server 2003 you are at huge risk to a newly announced exploit.
Fortunately, this exploit has a quick and easy fix.
On Thursday, June 10th, 2010 a researcher publicly announced an exploit that takes advantage of a problem in the hcp:// handler; this is what allows Help and Support Center to work properly and provide remote assistance.
Making use of this exploit will allow a hacker to run code on your machine, thus giving them full access.
This attach can be done via an exploited web site or and email. There are probably more ways to conduct this exploit that have not yet been discovered.
While there is no known attack using this vulnerability now you can bet you bottom dollar that there will be one soon!!
Thankfully there is an easy way to fix this;
- From the Start Menu, select Run
- Type regedit then click OK (The registry editor program launches)
- Expand “HKEY_CLASSES_ROOT”
- Expand “HCP”
- Expand “shell”
- Highlight the “open” key
- Right mouse click on the “open” key, and select Delete
Doing this is going to break the Help and Support Center so please check with your network support folks to be sure they don’t require this component.
http://seclists.org/fulldisclosure/2010/Jun/205
