New vulnerability in Windows revealed


Warwick Ashford

An independent security researcher has published exploit code for a zero-day vulnerability in Windows XP and Windows 2003.

Tavis Ormandy published the advisory five days after reporting the vulnerability to Microsoft.

"Upon successful exploitation, a remote attacker is able to execute arbitrary commands with the privileges of the current user," he said.

The decision to use full disclosure for this vulnerability will revive the discussions around full versus responsible disclosure, said Wolfgang Kandek, chief technology officer at security firm Qualys.

Ormandy defended the decision, saying: "I have concluded that there is a significant possibility that attackers have studied this component, and releasing this information rapidly is in the best interest of security."

In the advisory, Ormandy calls for increased pressure on Microsoft to invest in developing processes for faster responses to external security reports.

The vulnerability is in the Windows Help and Support Center component and is accessed through the protocol handler "hcp://".

It can be triggered through all major browsers, particularly if Windows Media Player is available. Ormandy says the vulnerability is easiest to exploit under Internet Explorer 7 (IE7).

Ormandy provides sample exploit code for both IE8 and IE7 in the advisory.

As a work-around for the vulnerability, it is possible to de-register the HCP protocol on the target machine, said Wolfgang Kandek.

But the workaround will disable all local - even legitimate - help links that use the HCP protocol.

"For example, links in the Control Panel may no longer function," said Kandek.

Guide to workaround

1. From the Start Menu, select Run

2. Type regedit, then click OK (the registry editor launches)

3. Expand HKEY_CLASSES_ROOT and highlight the HCP key

4. Right-click the HCP key and select Delete
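The same four steps as a script, added here as an illustration and not taken from the article or from Qualys: it uses reg.exe, which ships with Windows XP and 2003, and assumes an administrator account. The backup path is an assumption; it is there so the key can be restored with reg import once a vendor fix is installed, since deleting it also breaks legitimate hcp:// help links.

```batch
@echo off
REM Added example (not from the article): scripted form of the manual workaround.
REM Assumes reg.exe (built into Windows XP/2003) and an administrative account.
setlocal
set KEY=HKEY_CLASSES_ROOT\HCP
REM Backup location is an assumption; any writable path works.
set BACKUP=%SystemDrive%\hcp-protocol-backup.reg

REM 1. Confirm the hcp:// protocol handler is registered before touching anything.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo %KEY% not present; the hcp:// handler is already de-registered.
    goto :eof
)

REM 2. Export the key first so the change can be reversed later with
REM    "reg import %BACKUP%". Remove a stale backup so export never prompts.
if exist "%BACKUP%" del "%BACKUP%"
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo Backup failed; not deleting the key.
    exit /b 1
)

REM 3. Delete the key (manual step 4). /f suppresses the confirmation prompt.
reg delete "%KEY%" /f
if errorlevel 1 (
    echo Delete failed; check that this runs as an administrator.
    exit /b 1
)

REM 4. Verify the handler is gone. From here on, hcp:// links, including the
REM    Control Panel help links Kandek mentions, will no longer resolve.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo hcp:// protocol handler de-registered. Backup saved to %BACKUP%
) else (
    echo %KEY% is still present.
    exit /b 1
)
endlocal
```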
