ITS Alert Board
Alert: Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
Systems Affected: Windows XP and Windows Server 2003
Overview: Microsoft is investigating new public reports of a possible vulnerability in the Windows Help and Support Center function that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. Microsoft is aware that proof-of-concept exploit code has been published for the vulnerability. Microsoft is also aware of limited, targeted active attacks that use this exploit code. Based on the samples analyzed, Windows Server 2003 systems are not currently at risk from these attacks. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Solution: Visit the following site: http://support.microsoft.com/kb/2219475
To fix this problem automatically, click the Fix this problem link under the "Enable this fix" heading. Then, click Run in the File Download dialog box and follow the steps in the wizard.