Microsoft recently confirmed a critical bug in Windows XP and Windows Server 2003. The company says a patch will be released, but in the meantime, MS has suggested a workaround.
The vulnerability lies in Windows Help and Support Center’s inability to properly parse the “HCP” protocol handler, Microsoft said in an advisory.
The HCP protocol is what allows the Help and Support Center to open URLs. Hackers can exploit the flaw by directing users to malicious websites or getting them to click on malicious links in e-mails, thereby gaining control of the user’s system.
The flaw affects Windows XP SP2 and SP3, and Windows Server 2003 SP2. Vista, Windows 7 and Windows Server 2008 aren’t affected.
Microsoft said a patch will be released, but didn’t announce when. According to MS, unregistering the HCP protocol can block attacks (instructions on how to do that are included in the advisory).