Windows XP And Windows Server 2003 Zero-Day Vulnerability

Martin Brinkmann
Jun 16, 2010
Updated • Dec 11, 2014
Security, Windows XP

A recently discovered vulnerability in the Windows Help and Support Center component can be exploited for remote code execution on affected systems. Only Windows XP and Windows Server 2003 are affected; newer versions of the operating system are not.

Microsoft is aware of limited, targeted attacks that exploit the vulnerability, which is reason enough to patch the issue right away on affected PCs. These attacks use specially crafted links on web pages or in email messages with the hcp:// prefix instead of http://.

The HCP protocol is used to execute links in the Help and Support Center. The threat is caused by the Windows Help and Support Center not properly validating links that use the HCP protocol.

Attackers who successfully exploit the vulnerability can take complete control of the system if the user is logged in with administrative privileges. The vulnerability can only be exploited if the user clicks on a prepared link though.
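Because exploitation depends on a user following an hcp:// link delivered in a web page or email, a mail or proxy filter can flag such links before they reach the user. The following is an added example, not part of the original article or of Microsoft's guidance; the function names, attribute list and sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes that can carry a navigable URL in a web page or HTML e-mail (assumed list).
URL_ATTRS = {"href", "src", "action", "data", "background"}
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)
META_URL_RE = re.compile(r"url\s*=\s*['\"]?(.+)", re.IGNORECASE)
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def url_scheme(value):
    """Scheme as a browser reads it: tabs/newlines dropped, leading controls stripped."""
    cleaned = re.sub(r"[\t\r\n]", "", value).lstrip(C0_AND_SPACE)
    match = SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else None


class HcpLinkFinder(HTMLParser):
    """Collects (tag, attribute, value) for every URL that uses the hcp scheme."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes character references in values.
        for name, value in attrs:
            value = value or ""
            if tag == "meta" and name == "content":
                refresh = META_URL_RE.search(value)
                value = refresh.group(1) if refresh else ""
            elif name not in URL_ATTRS:
                continue
            if url_scheme(value) == "hcp":
                self.hits.append((tag, name, value))


def find_hcp_links(html):
    finder = HcpLinkFinder()
    finder.feed(html)
    return finder.hits


# Constructed sample: placeholder targets only, the scheme is what gets flagged.
SAMPLE = """
<a href="http://example.test/help">ordinary link</a>
<a href="HCP://placeholder/topic.htm">mixed case</a>
<iframe src=" h&#99;p://placeholder/topic.htm"></iframe>
<meta http-equiv="refresh" content="0; url=hcp://placeholder/topic.htm">
<p>The text hcp:// in a paragraph is not a link.</p>
"""
```

Calling find_hcp_links(SAMPLE) returns the three hcp links and ignores the ordinary http link and the plain-text mention.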

Microsoft has created a Fix-It script that can be used to protect Windows XP and Windows Server 2003 systems from the vulnerability.

The script disables the threat by unregistering the HCP protocol on the target system.

A manual workaround was also posted:

  1. Click Start, click Run, type Regedit in the Open box, and then click OK.
  2. Locate and then click the following registry key:
    HKEY_CLASSES_ROOT\HCP
  3. Click the File menu and select Export.
  4. In the Export Registry File dialog box, enter HCP_Procotol_Backup.reg and click Save. Note: This will create a backup of this registry key in the My Documents folder by default.
  5. Press the Delete key on the keyboard to delete the registry key. When prompted to delete the registry key via the Confirm Key Delete dialog box, click Yes.

Using a Managed Deployment Script

  1. Create a backup copy of the registry keys by using a managed deployment script that contains the following command:
    Regedit.exe /e HCP_Protocol_Backup.reg HKEY_CLASSES_ROOT\HCP
  2. Next, save the following to a file with a .REG extension, such as Disable_HCP_Protocol.reg:
    Windows Registry Editor Version 5.00

    [-HKEY_CLASSES_ROOT\HCP]
  3. Run the above registry script on the target machine with the following command from an elevated command prompt:
    Regedit.exe /s Disable_HCP_Protocol.reg

Disabling the HCP protocol will break all links, be they local or remote, that use the HCP protocol.


Comments

  1. Lobo Schmidt said on April 28, 2006 at 5:58 pm

    That’s a nice tip and a good thing to learn.

    But you can also use Unlocker (a freeware that I learned about here, thanks again) to do this tip and a lot of other ones:

    http://www.softpedia.com/get/System/System-Miscellaneous/Unlocker.shtml

  2. Martin said on April 28, 2006 at 6:24 pm

    Yes, I am using Unlocker, but if you watch lots of AVI movies it's simply too much work to always select Unlocker to unlock the AVI.

    With the tip you can delete it immediately. I am using Unlocker for other files though ;)

  3. paul said on May 6, 2006 at 11:09 pm

    Can this FIX also help with MP3 files? I had a problem with “getpopupinfo.exe” from dbpoweramp not allowing me to delete an MP3 file. I used WHOLOCKME to see what was blocking it and it said getpopupinfo.exe. I used 3 programs (including the MS tasks option) to close the getpopupinfo.exe program but it kept reappearing. Supposedly I have to change a DBP option, but I was unable to even get there (http://forum.dbpoweramp.com/printthread.php?t=1221). I ended up uninstalling DBP.

  4. john said on January 18, 2008 at 6:32 am

    thanx for the tip. i just wish i would have read this before purchasing a regcare program that didn’t work.

  5. Rohit said on December 12, 2008 at 12:19 pm

    Or u could just close the directory where the file is, go to dos mode (CMD.exe) and delete file from there….saves u from accidentally messing up your registry

  6. Anonymous said on June 16, 2009 at 4:36 pm

    How come Microsoft doesn’t want to fix that problem themselves? It should be their responsibility…

  7. Markus said on August 5, 2009 at 5:30 pm

    Thanks! I tried all kinds of other things that people suggested, and this finally worked.

  8. RyAn said on November 18, 2009 at 9:08 am

    rename it to a .csv

    open with excel

    delete everything

    save the csv

    close excel

    delete the csv

    easy.

  9. Parminder said on June 12, 2012 at 9:25 pm

    Thanks, it really helped my problem
