Microsoft: Vulnerability Disclosure affecting Windows XP and Windows Server 2003

On June 5th, 2010, Google security researcher reported a vulnerability to Microsoft, and on June 9th, 2010, made it public disclosure of details of vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk, "We're aware […]

On June 5th, 2010, Google security researcher reported a vulnerability to Microsoft, and on June 9th, 2010, made it public disclosure of details of vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk, "We're aware of a publicly disclosed vulnerability affecting Windows XP and Windows Server 2003. We aren't aware of any current exploitation of this issue and customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, aren't vulnerable to this issue, or at risk of attack," said Microsoft.

"customers can unregister HCP protocol to protect themselves using steps: Click Start, click Run; Type regedit, click OK; Expand HKEY_CLASSES_ROOT, and highlight HCP key; Right-click HCP key, click Delete. Impact of Workaround: Unregistering HCP protocol will break all local, legitimate help links that use hcp://. For e.g., links in Control Panel may no longer work.

More Info: security advisory 2219475

[Source]