XP Help Center security flaw leaves machines wide open

DEVELOPER OF BLOATED SOFTWARE Microsoft has, not for the first time, been caught out with a shocking security vulnerability in its Windows Help and Support Center software (HSC).

The exploit allows attackers to invoke commands using wscript.shell object under the same privilege as the local user.

This problem stems from Microsoft's bodged implementation of the protocol handler for "HCP", the protocol used in Windows HSC. Thanks to a lack of checks on return codes made by a function call, which leads to HSC switching to a restricted mode allowing complete access to a whitelisted set of help documents and parameters.

While cross-site scripting is the offender, the problem isn't at the browser so even if you run Firefox, machines installed with Microsoft's Windows XP operating system are affected. According to the insecurity disclosure, the problem is made worse by having Windows Media Player 9 installed, which of course is the default player bundled with Windows XP.

Microsoft was made aware of its insecurity "feature" on 5 June however as of today has yet to issue a fix. The person responsible for bringing it to Microsoft's attention however has done one better than the firm, not only providing information on how to circumvent the problem but as a last ditch scenario, a patch. Unlike Microsoft he included the source code meaning desperate administrators can look over what's been done to ensure that nothing iffy is being installed.

Apparently both Windows XP and Windows Server 2003 are affected, with an extensive run-down on the problem posted online along with the suitable fix. Though the black hat says that uninstalling Windows Media Player won't change users' exposure to the problem, we think that uninstalling Windows altogether would be a more permanent fix.

As to when Microsoft will bother to patch its aging operating system, well that's anyone's guess. µ