
How to protect yourself from the Windows Help Center Vulnerability



#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:06 PM

Posted 16 June 2010 - 08:54 AM



On June 10, 2010, security researcher Tavis Ormandy publicly disclosed a vulnerability in the Windows Help and Support Center service in Windows XP and Windows Server 2003. This vulnerability would allow a remote hacker or exploit hosted on a web site to cause commands to be executed on a vulnerable computer. The way this disclosure was released has met with numerous criticisms from other security researchers, reporters, and companies. Since then there have been reports of exploits for this vulnerability being found on web sites, which has led Microsoft to create a tool that will disable the vulnerability.

Microsoft has released a temporary workaround that can be used to disable this vulnerability until an official Windows update is released. This fix can be downloaded from the Microsoft knowledge base article #2219475, and when run, will plug the vulnerability. It should be noted that Microsoft has stated that "Unregistering the HCP protocol will break all local, legitimate help links that use hcp://. For example, links in Control Panel may no longer work." In my testing with the fix, I have found no issues after running it.

In my opinion, regardless of what may become broken, it is better than being vulnerable to an exploit that could allow commands to be executed on your computer without your permission.




#2 misssbb

misssbb

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 16 June 2010 - 01:54 PM

This information is appreciated, but what do you do if you are unable to get Windows updates any longer?

#3 Grinler


Posted 16 June 2010 - 02:02 PM

Why can't you get Windows updates?

#4 misssbb


Posted 16 June 2010 - 03:02 PM

That's the million dollar question. I have some infection that blocks it, and now there is a (fake?) update icon on my tray that I'm sure is a scam because when I go directly to the Microsoft site I can't get any updates from there.

I actually just answered in fairly extensive detail a message that boopme left me at http://www.bleepingcomputer.com/forums/ind...p;#entry1803951
about that, and since bleepingcomputer frowns on posting the same question more than once, I hesitate to write any more than that (and there is more). Are you allowed to respond to me, since you are available now and it could be days before he/she gets back to me? Thank you very much.

#5 Grinler


Posted 16 June 2010 - 03:24 PM

Unfortunately, I can't respond to you on that. I can tell you that the fix it program linked to above can be downloaded directly and not via Windows Update, so you can still use it :thumbsup:

#6 misssbb


Posted 16 June 2010 - 04:26 PM

Thank you very much. :thumbsup:

#7 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:06:06 PM

Posted 19 June 2010 - 03:04 AM

Will disabling the Windows Help service protect against this?

#8 MattV

MattV

  • Members
  • 736 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Asheville NC
  • Local time:10:06 PM

Posted 19 June 2010 - 04:08 PM

I have always been very suspicious of Windows Update. I would rather go to the M$ site and download updates manually. I have been working with/on computers since the '70s, and I know just how vulnerable a home system can be.

#9 Grinler


Posted 20 June 2010 - 07:30 PM

Not sure, Andrew.

#10 misssbb


Posted 23 June 2010 - 12:04 PM

I ran something called trojan remover, autorun remover as well as autorun eater and now I can get downloads from the Microsoft website. I'm not touching the update icon on the tray and am ignoring the balloon that says updates are available because I don't trust any of it.

One of them, I don't recall which, found something called TDL3 Alureon virus root kit, got rid of it, and then I could get updates.

Still can't google anything from Firefox (gets redirected every time), but I have Opera now and when I need to google something, I do it from there. So doesn't that mean there is something going on with Firefox then and not my computer?



