Ok that's what I read but I wanted to be sure.

I don't even have the binaries directory so I am good.

 

 

  _____  

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 9:14 AM
To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day

 

I think it is just for XP/2003, and it is the MS Help Center stuff

It actually doesn't work properly on 2008, as far as I can tell - I was
looking a bit too deep

On 10 June 2010 14:08, David W. McSpadden <dav...@imcu.com> wrote:

I don't have it as well but I am win7pro and I didn't install the HP help
center software??

Maybe??

 

 

  _____  

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 8:38 AM
To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day

 

I can't find the protocol handler anywhere in HKCR?

On 10 June 2010 13:31, Joe Tinney <jtin...@lastar.com> wrote:

The article Susan linked had a mitigations section. The one I am most
interested in was the temporary disabling of the hcp protocol handler in the
registry.

 

http://lock.cmpxchg8b.com/b10a58b75029f79b5f93f4add3ddf992/ADVISORY

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Thursday, June 10, 2010 7:23 AM
To: NT System Admin Issues
Subject: RE: More pain on the Windows front, possible 0 day

 

My initial thought would be HIPS to block the helpctr from even being called,
either that or stopping the help and support center service, and ACLing the
helpctr.exe. But still waiting to see what comes up on the Security lists
from Microsoft that Susan Bradley, myself and others are on, for additional
mitigation aspects.

 

It is a unique exploit since it combines XSS with a hex obfuscation to
bypass windows system controls. 

 

Z

 

Edward Ziots

CISSP,MCSA,MCP+I,Security +,Network +,CCA

Network Engineer

Lifespan Organization

401-639-3505

ezi...@lifespan.org

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Thursday, June 10, 2010 7:16 AM
To: NT System Admin Issues
Subject: Re: More pain on the Windows front, possible 0 day

 

Saw this earlier on Patch Management...any word yet on workaround/mitigation
to keep us sane until the inevitable OOB patch comes around?

On 10 June 2010 12:00, Ziots, Edward <ezi...@lifespan.org> wrote:

http://www.theregister.co.uk/2010/06/10/windows_help_bug/
http://seclists.org/fulldisclosure/2010/Jun/205

Looks like a combination of XSS, and invoking the hcp protocol for help and
support center to execute commands in the context of the logged on user.

PS: Mad Props to Susan Bradley on the Patch Management list for putting this
out....

Z

Edward Ziots
CISSP,MCSA,MCP+I,Security +,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
ezi...@lifespan.org


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question."

 

 

 

 

 

 



