Full Disclosure mailing list archives
Bug in XP Help and Support, or Don't Be Fooled By Disabled Services
From: "Trowelfaz" <trowelfaz () hotmail com>
Date: Tue, 8 Jun 2004 21:27:31 -0500
There seems to be another bug in XP's Help and Support. If you disable the Help and Support service in the Services control panel and a user either clicks on the Help and Support icon in the Start menu, clicks on a URL that starts with HCP://, or receives an email with a link to HCP:// that will auto-execute, the service that was previously set to DISABLED will start and set itself to automatic. This can only be set by an administrator (hmmm, what user is an XP Home user logged in as - question for the day...), but opens up an avenue for an attacker to possibly exploit this service even if a user believes it is shut down. What is even funnier is in the KB840374 article, it says that the help and support service cannot be fully patched if it is disabled. But it can be auto started, can't it? When it is not supposed to? I always thought that a service that was set to disabled cannot be set to automatic and started without user intervention. Hmmm, just maybe I could get that pesky AV software to go disabled or better yet, the task scheduler looks pretty nice...
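An added example, not part of the original post: a baseline check that treats "Disabled" as a state to verify rather than assume, by parsing `sc qc` output and flagging services that have drifted from Disabled. The service names, the baseline set and the sample output are constructed assumptions.

```python
import re

# Numeric START_TYPE codes as printed by `sc qc`.
START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
               3: "DEMAND_START", 4: "DISABLED"}

# Constructed sample: trimmed `sc qc` output for two services, as it might look
# after the behaviour described in the post. Service names are assumptions.
SAMPLE_SC_QC = r"""
SERVICE_NAME: helpsvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs

SERVICE_NAME: Messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
"""

# Hardening baseline (assumption): services the administrator set to Disabled.
BASELINE_DISABLED = {"helpsvc", "Messenger", "Schedule"}


def parse_sc_qc(text):
    """Return {lowercased service name: start type code} from `sc qc` output."""
    result, current = {}, None
    for line in text.splitlines():
        name = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        if name:
            current = name.group(1).lower()  # service names are case-insensitive
            continue
        start = re.match(r"\s*START_TYPE\s*:\s*(\d+)", line)
        if start and current:
            result[current] = int(start.group(1))
    return result


def find_drift(baseline, observed):
    """Return (service, state) pairs for baseline services not confirmed Disabled."""
    findings = []
    for name in sorted(n.lower() for n in baseline):
        code = observed.get(name)
        if code is None:
            # Missing data is a finding, not a pass.
            findings.append((name, "NOT_REPORTED"))
        elif code != 4:
            findings.append((name, START_TYPES.get(code, "UNKNOWN(%d)" % code)))
    return findings


if __name__ == "__main__":
    for service, state in find_drift(BASELINE_DISABLED, parse_sc_qc(SAMPLE_SC_QC)):
        print("DRIFT: %s expected DISABLED, found %s" % (service, state))
```

Run on a schedule against fresh `sc qc` output, this surfaces a start type that changed without an administrator touching the Services control panel.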