Windows Help and Support Vulnerability

A vulnerability has recently been discovered in the “Windows Help and Support Centre” as used in Windows XP. This is a tool that offers basic assistance to users and makes use of the internet to gather information and offer advice and downloads, including drivers and updates.

The problem is that it uses the HCP protocol as well as HTTP, and it’s not too fussy about the sites it connects to, as it can’t validate URLs properly when using the HCP protocol.

This has led to the bad boys writing websites and links that exploit this vulnerability. If a site with this code is browsed, or a link in an email to this code is followed, it can then download the “payload” to your PC and in effect do what it wants.

There is more information here on Microsoft’s TechNet site if you want to learn more.

The best advice for the moment is to keep your antivirus and security software as up to date as possible. There is a workaround listed on the site that involves editing the system registry to disable the HCP protocol, but this should not be attempted by the faint-hearted. In the words of warning at the beginning of the post, “Using registry editor can cause serious problems that may require you to reinstall your operating system”. This is also not a fix; it’s just a workaround until a fix is available.

The worst affected countries at the moment seem to be Portugal and Russia, but it will spread.

Windows 7 is not affected by this problem.
