Microsoft on Thursday confirmed that Windows XP and Windows Server 2003 contain an unpatched bug that could be used to infect PCs by duping users into visiting rigged Websites or opening attack email. The company said it has seen no active in-the-wild attacks exploiting the vulnerability.
The bug in Windows’ Help and Support Center — a component that lets users access and download Microsoft help files from the Web — doesn’t properly parse the “hcp” protocol handler, Microsoft said in an advisory issued Thursday afternoon. Attackers can leverage the vulnerability by enticing users to malicious or hacked Websites, or by convincing them to open malformed email messages.
Read More/Source: Infoworld