Windows zero-day vulnerability is revealed with no patch available

A Windows vulnerability caused by the improper sanitization of hcp:// URIs may allow a remote, unauthenticated attacker to execute arbitrary commands.

While TechRepublic is not really a news site, information technology professionals running Windows XP or Windows Server 2003 should be aware that there is a zero-day vulnerability caused by the improper sanitization of hcp:// URIs, which may allow a remote, unauthenticated attacker to execute arbitrary commands.

For more details, check out the blog post on our sister site ZDNet titled "Googler Releases Windows Zero-Day Exploit, Microsoft Unimpressed."

The vulnerability, while definitely a concern, would take some effort to actually exploit, and Microsoft has already issued a formal security advisory with pre-patch mitigation guidance. Affected Windows users can unregister the HCP protocol, but doing so may break all local help links.

Larger question

Should information about these kinds of vulnerabilities be made public before the software company involved has a chance to either fix them or at least form a plan of attack?

About Mark Kaelin

Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to BreakingModern.com, aNewDomain.net, and TechRepublic.