Microsoft Releases Temp Fix for XP Help Function Flaw

Dennis Faas's picture

According to reports, a flaw in the Windows XP operating system, which was first reported last week by a Google researcher, has been exploited by hackers in an attempt to spread malware.

The flaw was reported on Monday, and is related to a vulnerability in Windows XP's Help function. A Google researcher by the name of Tavis Ormandy discovered that the web link script used in XP's Help and Support Center could be manipulated in order to route users towards malicious online content. (Source: itproportal.com)

Google Researcher Publishes Hacking Guide

To Microsoft's disappointment, Ormandy published the details regarding the exploit just four days after he mentioned it to Microsoft, giving the software giant a very narrow time span in which to deal with the issue. Ormandy's report included a detailed description of how a hacker might activate the exploit, reportedly doing so because he felt it would force Microsoft to act promptly with a fix.

Reports now suggest hackers are using the exploit reported by Google to launch a malware attack. There's not much known about the attacks, but Microsoft is aware of them and says it is working hard on a fix. (Source: zdnet.com)

Temporary Fix for WinXP Help Function Flaw

In the meantime, Microsoft has posted a temporary Fix It script designed to prevent all links using the troublesome HCP protocol in Windows XP's Help and Support Center. The temporary patch essentially disables all script related to this feature (link below):

http://support.microsoft.com/kb/2219475

Rate this article: 
No votes yet