Microsoft released new security advisory.

1. Summary

- Microsoft Security Advisory (2219475)
Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution

This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message.

2. Affected Software

- Windows XP SP2, SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2
- Windows Server 2003 with SP2 for Itanium-based Systems

3. Non-Affected Software

- Microsoft Windows 2000 SP4
- Windows Vista SP1, SP2
- Windows Vista x64 Edition SP1, SP2
- Windows Server 2008 for 32-bit Systems, SP2
- Windows Server 2008 for x64-based Systems, SP2
- Windows Server 2008 for Itanium-based Systems, SP2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems

4. Temporary Solution

- Uncheck registry of vulnerable HCP Protocol registering
 

1) From regedit
- Go to [Start]-[Run], input "regedit" and execute registry editor
- Go to [HKEY_CLASSES_ROOT\HCP]
- Click [File]-[Export]
- Set a file name as "HCP_Procotol_Backup.reg" and back-up the registry key
- Delete "HKEY_CLASSES_ROOT\HCP" registry key by clicking DEL key
 

* How to recovery:
- From the regedit, click [File]-[Import]
- Click the target registry file(HCP_Procotol_Backup.reg)
- HKEY_CLASSES_ROOT\HCP registry key recovery done

2. From Command Prompt
- Registry back-up

- Save below text to "Disable_HCP_Protocol.reg" file.

- Execute the saved registry script file following by below order

* How to recovery :

 
Link: http://www.microsoft.com/technet/security/advisory/2219475.mspx