Microsoft is aware of limited targeted attacks that exploit the vulnerability. These attacks use specially crafted links on web pages or email messages with the hcp:// prefix instead of http://.

The HCP protocol is used to execute links in the Help and Support Center. The threat is caused by the Windows Help and Support Center not properly validating links that use the HCP protcol.

Attackers who successfully exploit the vulnerability could take complete control of the system if the user is logged in with administrative privileges. The vulnerability can only be exploited if the user clicks on a prepared link.

Microsoft has created a Fix-It script that can be used to protect Windows XP and Windows Server 2003 systems from the vulnerability.

The script disables the threat by unregistering the HCP protocol on the target system.

A manual workaround was also posted

• 1. Click Start, click Run, type Regedit in the Open box, and then click OK
• 2. Locate and then click the following registry key:
  HKEY_CLASSES_ROOT\HCP
• 3.Click the File menu and select Export
• 4.In the Export Registry File dialog box, enter HCP_Procotol_Backup.reg and click Save. Note This will create a backup of this registry key in the My Documents folder by default.
• 5. Press the Delete key on the keyboard to delete the registry key. When prompted to delete the registry key via the Confirm Key Delete dialog box, click Yes.

Using a Managed Deployment Script

• 1. Create a backup copy of the registry keys by using a managed deployment script that contains the following commands:Regedit.exe /e HCP_Protocol_Backup.reg

  HKEY_CLASSES_ROOT\HCP

• 2. Next, save the following to a file with a .REG extension, such as Disable_HCP_Protocol.reg:Windows Registry Editor Version 5.00

  [-HKEY_CLASSES_ROOT\HCP]

• 3. Run the above registry script on the target machine with the following command from an elevated command prompt: Regedit.exe /s Disable_HCP_Protocol.reg

Disabling the HCP protocol will break all links, be they local or remote, that use the HCP procotol.

The security vulnerability affects only Windows XP and Windows Server 2003 systems. Computer systems running Windows Vista, Windows Server 2008 or Windows 7 are not affected because “the ability to pass data to this control within Internet Explorer” is restricted in these operating systems.

A successful attack will give the attacker the same user rights as the currently logged in user. Microsoft has issued a workaround for the Internet Explorer vulnerability that can be applied manually or using Microsoft Fix It.

The fastest way to patch the security vulnerability is to use the Microsoft Fix It script that will perform all the actions of the workaround automatically. The fix will basically remove support for the ActiveX Control in Internet Explorer. This should not have any impact on the web browser’s functionality according to Microsoft.

While this works as intended in the 32-bit edition of Windows Vista it does not in the 64-bit edition as it is still possible for users to access Internet Explorer from the Windows start menu. The hotfix corrects the issue so that the function is working as intended on 64-bit editions of Windows Vista as well.

The second problem affects the 64-bit editions of Windows Vista, Windows Server 2003 and Windows Server 2008. Microsoft describes the problem the following way:

The Image Delivery server that runs the 64-bit version of Windows Server 2008 or of Windows Server 2003 stops delivering images when you deploy an operating system by using an image-based installation method

The hotfix can also be downloaded directly by visiting the Microsoft Knowledge Base article.

A total of 11 different Windows Server 2003 editions have been released by Microsoft from Windows Home Server over Windows Small Business Server to Windows Server 2003 Enterprise or Windows Storage Server 2003.

Microsoft released many Windows 2003 software additions including multiple feature packs, service packs and tools many of which are recommended to install to increase system stability, performance, security and functionality.

Two Windows Server 2003 Service Packs have been released, one Windows Rights Management Services Service Pack and one Windows SharePoint Services Service Pack. All of those Windows 2003 downloads are available from the Microsoft website.

In addition to Service Pack downloads for the Windows 2003 software a total of 16 feature packs have been released throughout the years including important additions such as the Group Policy Management Console, Windows Services For UNIX or Identity Integration Feature Pack.

Additionally 19 Windows Server 2003 Tools have been released for download adding new features like the Windows Server 2003 Administration Tools Pack, Log Parser 2.2 Tool or Remote Desktop Web Connection.

The Microsoft websites contains lots of Windows 2003 software and should be the starting point for everyone who is setting up a new Windows 2003 Server environment.