Yep, looks like the HCP protocol registry file disabling is the only work-around atm.
Z Edward Ziots CISSP,MCSA,MCP+I,Security +,Network +,CCA Network Engineer Lifespan Organization 401-639-3505 ezi...@lifespan.org -----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, June 10, 2010 6:24 PM To: NT System Admin Issues Subject: Re: More pain on the Windows front, possible 0 day Microsoft's advisory is up: http://www.microsoft.com/technet/security/advisory/2219475.mspx MSFT says Win Vista and later *not* vulnerable. They offer the workaround of deleting the registry key for the HCP URL handler (HKCR\HCP). They also say the workaround posted in the original article isn't good enough, but don't get into specifics. Thanks again to Susan "SBS Diva" Bradley on the patch-management list for the info. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~