While TechRepublic is not really a news site, information technology professionals running Windows XP or Windows Server 2003 should be aware that there is a zero-day vulnerability caused by the improper sanitization of hcp:// URIs, which may allow a remote, unauthenticated attacker to execute arbitrary commands.

For more details, you should check out the blog post on our sister-site ZDNet titled “Googler Releases Windows Zero-Day Exploit, Microsoft Unimpressed.”

The vulnerability, while definitely a concern, would take some effort to actually exploit, but Microsoft has already issued a formal security advisory with pre-patch mitigation guidance. Affected Windows users can unregister the HCP protocol, but doing so may break all local help links.

Larger question

Should information about these kinds of vulnerabilities be made public before the software company involved has a chance to either fix it or at least form a plan of attack?