BleepingComputer.com: How to protect yourself from the Windows Help Center Vulnerability

On June 10, 2010, security researcher Tavis Ormandy publicly disclosed a vulnerability in the Windows Help and Support Center service in Windows XP and Windows Server 2003. This vulnerability would allow a remote hacker or exploit hosted on a web site to cause commands to be executed on a vulnerable computer. The way this disclosure was released has met with numerous criticisms from other security researchers, reporters, and companies. Since then there have been reports of exploits for this vulnerability being found on web sites, which has led Microsoft to create a tool that will disable the vulnerability.

Microsoft has released as temporary workaround that can be used to disable this vulnerability until an official Windows update is released. This fix can be downloaded from the Microsoft knowledge base article #2219475, and when run, will plug the vulnerability. It should be noted that Microsoft has stated that "Unregistering the HCP protocol will break all local, legitimate help links that use hcp://. For example, links in Control Panel may no longer work." In my testing with the fix, I have found no issues after running it.

In my opinion, regardless of what may become broken, it is better than being vulnerable to an exploit that could allows commands to be executed on your computer without your permission.

This information is appreciated, but what do you do if you are unable to get Windows updates any longer?

Why can't you get windows updates?

That's the million dollar question. I have some infection that blocks it, and now there is a (fake?) update icon on my tray that I'm sure is a scam because when I go directly to the Microsoft site I can't get any updates from there.

I actually just answered in fairly extensive detail a message that boopme left me at http://www.bleepingcomputer.com/forums/ind...p;#entry1803951
about that, and since bleepingcomputer frowns on posting the same question more than once, I hesitate to write any more than that (and there is more). Are you allowed to respond to me, since you are available now and it could be days before he/she gets back to me? Thank you very much.

Unfortunately, I cant respond to you on that. I can tell you that the fix it program linked to above can be downloaded directly and not via windows update, so you can still use it

Thank you very much.

Will disabling the Windows Help service protect against this?

I have always been very suspicious of Windows Update. I would rather go to the M$ site and download updates manually. I have been working with/on computers since the '70s, and I know just how vulnerable a home system can be.

Not sure andrew.

I ran something called trojan remover, autorun remover as well as autorun eater and now I can get downloads form the microsoft website. I'm not touching the update icon on the tray and am ignoring the balloon that says updates are available because I don't trust any of it.

One of them, I don't recall which, found something called TDL3 Alureon virus root kit got rid of it, and then I could get updates.

Still can't google anything from Firefox (gets redirected every time), but I have Opera now and when I need to google something, I do it from there. So doesn't that mean there is something going on with Firefox then and not my computer?