MS Patches Windows Code Execution Flaw | Internet News
Security
SHARE
Facebook X Pinterest WhatsApp

MS Patches Windows Code Execution Flaw

Written By
Ryan Naraine
Ryan Naraine
May 11, 2004
2 minute read

Users of Microsoft’s Windows XP and Windows Server 2003 operating systems are at risk of remote code execution attacks because of a flaw in the Help and Support Center feature, according to an alert issued by the software giant.

The MS04 -015 advisory, which carries an “important” rating, could allow an attacker to remotely execute code on vulnerable systems because of the way
the Help and Support Center handles HCP URL validation.

“An attacker who successfully exploited this vulnerability could take
complete control of an affected system,” Microsoft warned. It said an
attacker could exploit the vulnerability by constructing a malicious HCP URL
that could potentially allow remote code execution if a user visited a
malicious Web site or viewed a malicious e-mail message.

Affected Software include Windows XP and Windows XP Service Pack 1;
Windows XP 64-Bit Edition Service Pack 1; Windows XP 64-Bit Edition Version
2003; Windows Server 2003 and Windows Server 2003 64-Bit Edition.

As a temporary workaround, Microsoft recommends that users unregister the
HCP Protocol to block known attack vectors. “To help prevent an attack,
unregister the HCP Protocol by deleting the following key from the registry:
HKEY_CLASSES_ROOTHCP.”

In its scheduled May release of patches, Microsoft also re-released two
bulletins (MS01-052 and MS04-014) to update fixes for known Windows security bugs.

The MS01-052 update, which carries a “moderate” rating, tweaks the patch for Windows NT Server 4.0 Terminal Server Edition users. The re-released patch addresses a security vulnerability that could occur with the original release that could allow an attacker to attempt a denial of service attack.

A revision was also made to the MS04-014 patch released last month to add fixes for non-English versions of Windows XP. “The original update does address the vulnerability in Windows XP for all supported languages; however, the original update was not fully localized. Specifically, optional Jet error strings were only being offered in English on Windows XP,” Microsoft explained.
Ryan Naraine
Internet News Logo

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

facebook
x

Company

Contact us Advertise with us

Categories

News Enterprise Small Business Reviews Podcasts Blog Research

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information