Microsoft today announced that it is investigating public reports of a possible vulnerability in the Windows Help and Support Center function that is delivered with supported editions of Windows XP and Windows Server 2003.
This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message, Microsoft said.
Microsoft is aware that proof of concept exploit code has been published for the vulnerability. However, the company is not currently aware of active attacks that use this exploit code or of customer impact at this time.
Microsoft is working with partners in the Microsoft Active Protections Program (MAPP) to provide information that they can use to provide a secuirity patch.
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems