Home / bulletins Microsoft Security Advisory (2219475): Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
Posted on 15 June 2010
Revision Note: V1.2 (June 15, 2010): Revised Executive Summary to reflect awareness of limited, targeted active attacks that use published proof-of-concept exploit code.Summary: Microsoft is investigating new public reports of a possible vulnerability in the Windows Help and Support Center function that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. Microsoft is aware that proof of concept exploit code has been published for the vulnerability. However, Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.
