TITLE: Microsoft Windows Help and Support Center URL Validation Vulnerability SECUNIA ADVISORY ID: SA11590 VERIFY ADVISORY: http://secunia.com/advisories/11590/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows XP Professional Microsoft Windows XP Home Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter Edition DESCRIPTION: Microsoft has issued patches for Microsoft Windows to fix a vulnerability in the Help and Support Center. The vulnerability is caused by an unspecified input validation error. This can be exploited via the HCP protocol on Microsoft Windows XP and Microsoft Windows 2003 through Internet Explorer or Outlook. Other versions of Microsoft Windows do not support the HCP protocol and are therefore not affected. SOLUTION: Microsoft has issued patches: The patches are available from WindowsUpdate or from: Microsoft Windows XP and Microsoft Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=563F65A3-D793-47B4-A607-948CAA5B3454&displaylang=en Microsoft Windows XP 64-Bit Edition Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=EB954F03-EFC6-45FA-B87C-E29135199DC9&displaylang=en Microsoft Windows XP 64-Bit Edition Version 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=EB954F03-EFC6-45FA-B87C-E29135199DC9&displaylang=en Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=50AD42D7-81BD-4F96-9AD1-0E67310551DF&displaylang=en Microsoft Windows Server 2003 64-Bit Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=E05DE6AB-FB0D-4A0E-B34E-BB69B9D6BA74&displaylang=en ORIGINAL ADVISORY: http://www.microsoft.com/technet/security/bulletin/MS04-015.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------