Windows XP zero-day under attack; Use Microsofts “fix-it” workaround | ZDNet

Just five days after Google researcher Tavis Ormandy released details of a critical vulnerability affecting Windows XP and Windows Server 2003, malware authors have struck, exploiting the flaw to plant malware on Windows machines.The attacks, described by Microsoft as “limited,” are being distributed on rigged Web sites drive-by downloads.“Windows Server 2003 customers are not currently at risk from the Win Help issue based on the attack samples we have analyzed,” according to Microsoft’s security response center.The attacks,  are only targeting Windows XP computers with the HCP protocol enabled.


In the absence of a patch, Microsoft is recommending that affected Windows customers use this one-click Fix-It tool to unregister the problematic “hcp://” protocol.

This can also be manually done by following these simple directions:

  1. Click Start, and then click Run.
  2. Type regedit, and then click OK.
  3. Expand HKEY_CLASSES_ROOT, and then highlight the HCP key.
  4. Right-click the HCP key, and then click Delete.

Impact of Workaround: Unregistering the HCP protocol will break all local, legitimate help links that use hcp://.  For example, links in Control Panel may no longer work.

via Windows XP zero-day under attack; Use Microsofts “fix-it” workaround | ZDNet.


Adobe reports critical flaw in Flash, Acrobat | Security – CNET News

Adobe has issued a security advisory about a “critical” vulnerability in its Flash Player and Adobe Reader and Acrobat products that it says could let attackers take control of peoples computers. The company said late Friday that there had been reports of the hole actually being exploited and that an official patch was not yet available. Affected software includes: Adobe Flash Player, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris, Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh, and Unix. The company said that the Flash Player 10.1 Release Candidate does not seem to be vulnerable and that Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Adobe didn’t say when an official fix would be released, but according to the company, computer users can mitigate the Flash issue by downloading the release candidate mentioned above. The Acrobat and Reader issue can be addressed by “deleting, renaming, or removing access to the authplay.dll file” that ships with those products, Adobe said. This will, however, cause a nonexploitable crash or error message if a user opens a PDF file that contains SWF content. The .dll file is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat, Adobe said.The complete security advisory is available here.

via Adobe reports critical flaw in Flash, Acrobat | Security – CNET News.