A Security Advisory (2219475) has been recently issued by Microsoft and this addresses the publicly disclosed susceptibility in the function of the Windows help and Support Center (helpctr.exe). Windows XP and Windows Server 2003 are the specific two operating systems that are affected by this flaw. The newer Operating Systems of Microsoft are however unaffected.

If you click on as hcp:// link, it launches helpctr.exe by means of a registered protocol handler in Windows XP and Windows Server 2003. Help and Support Center confirms this before navigating to a given help page and so far it was considered as a safe way to instigate help contents. Recently a security research conducted by Google has revealed that a help page with a cross site scripting exposure can be brought up to misuse the allowed list functionality in order to contact that page with a utilize query string. Therefore, clicking on a malevolent hcp:// link influences the XSS susceptibility to evade helptr.exe’s security controls and eventually run a random executable program on the computer.

So far, Redmond is unacquainted of any kind of attacks which is trying to utilize this weakness even though it is intensely monitoring the situation and on a forthcoming patch going to present a security update.

Microsoft’s three justifying causes for this weakness

• It is very common in a Web based attack circumstances that an assailant could initiate a webpage that is used to take chance of this vulnerability. Otherwise it can be done by a webpage that allows or hosts consumer supplied information or advertisement.
• This type of vulnerability cannot be utilized automatically through e-mail. In order to make the attack successful, it would be required to click a link of an e-mail by the user.
• By utilizing or exploiting this vulnerability, an attacker could gain the same user right as the local user. So users having the accounts with fewer user rights configuration on the system would be affected less than those users who work with organizational user rights.

Currently Microsoft is working on unregistering the HCP Protocol which requires editing of the registry. According to Microsoft there are two different ways to do this editing but it will break all local, legal help link that works by using hcp:// such as Control Panel links.

Microsoft on the public disclosure

However, Microsoft is not too happy with the public disclosure of this vulnerability. It said that the disclosure of the details of the vulnerability and how to exploit it without giving them the time to correct the problems of clients will make more similar attacks to occur and cause more risk for the people who use it.

Reason to leave Windows XP

As none of the Windows 7 and Vista is affected with this flaw, it is giving the users another reason to leave Windows XP. According to Net Applications, up to 63 percent of all desktop operating systems that are being used today are Windows XP, with a 15% usage Vista is in second position and Windows 7 in the third position with a 13% percentage usage.