Protect Windows XP from zero-day flaw in HCP protocol

Microsoft is plagued with another zero-day security flaw, but thankfully there is a workaround to protect vulnerable systems

Earlier this week was Microsoft's Patch Tuesday for June--a busy Patch Tuesday with ten new security bulletins fixing 34 different vulnerabilities. However, there is now a publicly disclosed vulnerability with potentially dire consequences that didn't make the list of patches this month. IT administrators need to understand the risks, and act now to mitigate the threat and protect Windows XP systems from the HCP protocol vulnerability.

A Microsoft Security Response Center (MSRC) blog post explains "We are aware of a publicly disclosed vulnerability affecting Windows XP and Windows Server 2003. We are not aware of any current exploitation of this issue and customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at risk of attack." [the emphasis is Microsoft's, not mine]

Andrew Storms, director of security operations for nCircle, commented via e-mail to say "Microsoft has had a zero day every month this year, and in their position as the industry leader in enterprise security standards, this has got to be disheartening for them. It's also not doing their reputation in the security community any good."

Thankfully for Microsoft, Adobe is the current poster child for lax application security, so some of the negative press normally reserved for Microsoft is being redirected at Adobe instead. Recent security flaws affecting Adobe Flash and Adobe Reader have kept Adobe in the headlines for all the wrong reasons.

Storms points out "The bad news on this zero-day is that all users of Windows XP are affected, and the vulnerability makes drive-by attacks possible. The installed base for XP is huge because both consumers and enterprise customers have been very reluctant to upgrade to Vista and are just now starting to move to Windows 7."

Microsoft should have had more time to address this issue properly. According to the MSRC blog "This issue was reported to us on June 5th, 2010 by a Google security researcher and then made public less than four days later, on June 9th, 2010. Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk."

Storms says that Tavis Ormandy, the Google security researcher in question, "has been trying to separate his actions from his employer, but you have to wonder if he is adding fuel to the very public fire between Microsoft and Google by continuing to draw negative attention to Microsoft's security process."

Microsoft's MSRC blog states that Microsoft will be issuing a security advisory related to this vulnerability, and is continuing research into a proper fix. In the meantime, Microsoft offers the following workaround to protect vulnerable systems:

1. Click Start, and then click Run.

2. Type regedit, and then click OK.

3. Expand HKEY_CLASSES_ROOT, and then highlight the HCP key.

4. Right-click the HCP key, and then click Delete.

This workaround unregisters the HCP protocol in Windows, and will break all local, legitimate help links that use hcp://. For example, links in Control Panel may no longer work.
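For administrators who need to apply the workaround on many machines, the same steps can be scripted with the built-in reg.exe tool. The batch file below is an added example, not Microsoft's or the author's own. It assumes it runs as a local administrator. The backup path is a placeholder; the script saves the key there first so that the handler can be restored once a fix ships.

```batch
@echo off
rem Added example: scripted form of the four regedit steps above.
rem Assumptions: run as a local administrator; BACKUP path is a placeholder.
setlocal
set "KEY=HKCR\HCP"
set "BACKUP=%SystemDrive%\hcp_backup.reg"

rem 1. Nothing to do if the handler is already unregistered.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo %KEY% is not present; hcp:// is already unregistered.
    exit /b 0
)

rem 2. Save the key so the handler can be restored later.
if exist "%BACKUP%" (
    echo Backup %BACKUP% already exists; refusing to overwrite it.
    exit /b 1
)
reg export "%KEY%" "%BACKUP%" >nul
if errorlevel 1 (
    echo Export failed; key left in place.
    exit /b 1
)

rem 3. Delete the key and all of its subkeys, as in step 4 above.
reg delete "%KEY%" /f >nul
if errorlevel 1 (
    echo Delete failed; check permissions.
    exit /b 1
)

rem 4. Confirm the key is gone before reporting success.
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 (
    echo %KEY% still present after delete.
    exit /b 1
)
echo %KEY% removed. Restore with: reg import "%BACKUP%"
exit /b 0
```

The non-zero exit codes let a deployment tool flag machines where the export or delete did not succeed, so they are not assumed to be protected.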

nCircle's Storms summed up by stating what should be increasingly obvious to IT administrators. "Any users on the fence about upgrading from XP should take a hard look at all the security bulletins for the last six months; the information there should inform your thinking."

You can follow Tony on his Facebook page, or contact him by email at tony_bradley@pcworld.com. He also tweets as @Tony_BradleyPCW.


Tony Bradley

PC World (US online)