3 Apprentice

15.6K Posts

June 10th, 2010 20:00

Microsoft confirms Help Center zero-day vulnerability affecting Windows XP and Server 2003

Customers running Windows Vista, 7, Server 2008 and Server 2008 R2 are not susceptible to the vulnerability, said Mike Reavey, director of the Microsoft Security Response Center.

full article:  http://www.scmagazineus.com/microsoft-confirms-help-center-vulnerability/article/172155/?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=Feed%3A+SCMagazineHome+%28SC+Magazine%29&utm_content=FaceBook

 

Microsoft's official response, including a list of "mitigating factors", and a temporary "workaround" --- which has some non-ideal consequences --- and involves editing your registry (proceed at your own risk!):  http://www.microsoft.com/technet/security/advisory/2219475.mspx

June 14th, 2010 17:00

Well, I have mixed thoughts about posting the following information... so read and consider it all carefully before taking any action:

the GOOD:   Microsoft has automated their "work-around", mentioned above:   they have a simple download ("wizard") to "Enable this fix" [and another one, if you change your mind and decide to "Disable this fix"].   By using these "programs", you can avoid having to edit the registry yourself.   but:

the BAD:   this is merely a "work-around" to avoid the vulnerability... it is NOT a true "fix" for the vulnerability.   in particular, as a consequence of implementing this "work around", it "will break all local, legitimate help links that use hcp://. For example, links in Control Panel may no longer work".   so think twice before jumping on this, be sure you really want to.

for those who wish to try, the automated work-around can be found at http://support.microsoft.com/kb/2219475

June 15th, 2010 08:00

and the plot thickens:   there are now reports that this vulnerability is actually being exploited in the wild by malware:

http://www.sophos.com/blogs/sophoslabs/?p=10045

June 16th, 2010 17:00

(for what it's worth) the Calendar of Updates is now advocating that XP (and Server 2003) users apply the Microsoft FixIt #50549

http://www.calendarofupdates.com/updates/index.php?s=ee595dbf126b61cf0950a192869572cc&app=calendar&module=calendar&cal_id=&do=showevent&event_id=73685

Note:   Be careful with the terminology here:   FixIt 50459  ENABLES the HelpCenter Fix... by DISABLING HCP Protocol.

July 3rd, 2010 05:00

bump

July 9th, 2010 10:00

This apparently will be fixed with next Tuesday's (13 July) monthly patch cycle: 

http://www.calendarofupdates.com/updates/index.php?app=calendar&module=calendar&cal_id=&do=showevent&event_id=75118

"We are also closing Security Advisory 2219475 (Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution) with a comprehensive update that addresses the issue currently under attack".

July 13th, 2010 12:00

If you've applied the above fixit #50459, you should UNdo it by running fixit #50460.

Then apply today's Microsoft Update MS10-042.
