Windows XP And Windows Server 2003 Zero-Day Vulnerability
A vulnerability in the component Windows Help and Support Center was discovered recently that can be exploited for remote code execution on affected systems. Only Windows XP and Windows Server 2003 are affected by it though and not newer versions of the operating system.
Microsoft is aware of limited targeted attacks that exploit the vulnerability which is reason enough to patch the issue right away on affected PCs. These attacks use specially crafted links on web pages or email messages with the hcp:// prefix instead of http://.
The HCP protocol is used to execute links in the Help and Support Center. The threat is caused by the Windows Help and Support Center not properly validating links that use the HCP protcol.
Attackers who successfully exploit the vulnerability can take complete control of the system if the user is logged in with administrative privileges. The vulnerability can only be exploited if the user clicks on a prepared link though.
Microsoft has created a Fix-It script that can be used to protect Windows XP and Windows Server 2003 systems from the vulnerability.
The script disables the threat by unregistering the HCP protocol on the target system.
A manual workaround was also posted
- 1. Click Start, click Run, type Regedit in the Open box, and then click OK
- 2. Locate and then click the following registry key:
HKEY_CLASSES_ROOT\HCP- 3.Click the File menu and select Export
- 4.In the Export Registry File dialog box, enter HCP_Procotol_Backup.reg and click Save. Note This will create a backup of this registry key in the My Documents folder by default.
- 5. Press the Delete key on the keyboard to delete the registry key. When prompted to delete the registry key via the Confirm Key Delete dialog box, click Yes.
Using a Managed Deployment Script
- 1. Create a backup copy of the registry keys by using a managed deployment script that contains the following commands:Regedit.exe /e HCP_Protocol_Backup.regHKEY_CLASSES_ROOT\HCP
- 2. Next, save the following to a file with a .REG extension, such as Disable_HCP_Protocol.reg:Windows Registry Editor Version 5.00[-HKEY_CLASSES_ROOT\HCP]
- 3. Run the above registry script on the target machine with the following command from an elevated command prompt: Regedit.exe /s Disable_HCP_Protocol.reg
Disabling the HCP protocol will break all links, be they local or remote, that use the HCP procotol.
Advertisement
That’s a nice tip and a good thing to learn.
But you can also use the Unlocker (a freeware that I learn about here, thanks again) to do this tip and a lot of another ones:
http://www.softpedia.com/get/System/System-Miscellaneous/Unlocker.shtml
Yes Iam using Unlocker but if you watch lots of Avi movies its simply to much work to always select unlocker to unlock the avi.
With the tip you can delete it immediatly. I´am using unlocker for other files though ;)
can this FIX also help with MP3 files? i had a problem with “getpopupinfo.exe” from dbpoweramp not allowing me to delete a an MP3 file. i used WHOLOCKME to see what was blocking it and it said getpopupinfo.exe. i used 3 programs (incluing MS tasks option) to close the getpopupinfo.exe program but it kept reappearing. supposedly i have to change a DBP option, but was unable to even get there (http://forum.dbpoweramp.com/printthread.php?t=1221). i ended up uninstalling DBP.
thanx for the tip. i just wish i would have read this before purchasing a regcare program that didn’t work.
Or u could just close the directory where the file is, go to dos mode (CMD.exe) and delete file from there….saves u from accidentally messing up your registry
How comes that Microsoft don’t want to fix that problem them self? It should be their responsibility…
Thanks! I tried all kinds of other things that people suggested, and this finally worked.
rename it to a .csv
open with excel
delete everything
save the csv
close excel
delete the csv
easy.
Thanks, it really helped my problem