MS Patches Windows Code Execution Flaw

May 11, 2004

Ryan Naraine

Users of Microsoft's Windows XP and Windows Server 2003 operating systems are at risk of remote code execution attacks because of a flaw in the Help and Support Center feature, according to an alert issued by the software giant.

The MS04 -015 advisory, which carries an "important" rating, could allow an attacker to remotely execute code on vulnerable systems because of the way the Help and Support Center handles HCP URL validation.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft warned. It said an attacker could exploit the vulnerability by constructing a malicious HCP URL that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message.

Affected Software include Windows XP and Windows XP Service Pack 1; Windows XP 64-Bit Edition Service Pack 1; Windows XP 64-Bit Edition Version 2003; Windows Server 2003 and Windows Server 2003 64-Bit Edition.

As a temporary workaround, Microsoft recommends that users unregister the HCP Protocol to block known attack vectors. "To help prevent an attack, unregister the HCP Protocol by deleting the following key from the registry: HKEY_CLASSES_ROOT\HCP."

In its scheduled May release of patches, Microsoft also re-released two bulletins (MS01-052 and MS04-014) to update fixes for known Windows security bugs.

The MS01-052 update, which carries a "moderate" rating, tweaks the patch for Windows NT Server 4.0 Terminal Server Edition users. The re-released patch addresses a security vulnerability that could occur with the original release that could allow an attacker to attempt a denial of service attack.

A revision was also made to the MS04-014 patch released last month to add fixes for non-English versions of Windows XP. "The original update does address the vulnerability in Windows XP for all supported languages; however, the original update was not fully localized. Specifically, optional Jet error strings were only being offered in English on Windows XP," Microsoft explained.


0 Comments (click to add your comment)
Comment and Contribute

Your comment has been submitted and is pending approval.



 (click to add your comment)

Comment and Contribute

Your name/nickname

Your email


(Maximum characters: 1200). You have characters left.