SoSecure.Org

 
A recent discovery of a Zero-Day Vulnerability in the “Windows Help Centre” HCP Protocol Handler, which does not handle correctly malformed “Escape Sequences”. Hence, executing code remotely without the authorization of the user.
 
As per Microsoft, the vulnerability is applicable only to Windows XP and Windows Server 2003.
 
Scareware criminals are already taking advantage of the vulnerability to earn profit by installing unauthorized software on user machines (i.e. Fake Antivirus).
 
Here is what you can do to prevent damages:

• If you want to fix the issue temporarily, use this Fix It Tool from Microsoft
• If you visit a website, and the Help Centre opens, shutdown your machine
• If your computer is acting abnormal, get our tools (i.e. RescueCD, FakeAV Remover)
• Apply Microsoft’s Patch when it becomes available (Do not forget to disable the Fix)

Try the following harmless Proof-of-Concept (at your own risk):

• OSVDB-65264 – PoC (Remote Execution of a simple PING)

 
UPDATE (2010/07/13): Microsoft has released a patch for this issue (MS10-042). Please update as soon as possible.
 

 
An immediate update of “Citrix OnLine Plug-In” is required in order to be safe from the recent Man-In-The-Middle Attack exploiting the newly discovered SSL/TLS Renegotiation Vulnerability.
 
If you are connecting to a Citrix Gateway, we recommend you update your plug-in as soon as possible from here:

• Citrix Systems – Client/Plug-In Downloads