Full Disclosure mailing list archives

Bug in XP Help and Support, or Don't Be Fooled By Disabled Services


From: "Trowelfaz" <trowelfaz () hotmail com>
Date: Tue, 8 Jun 2004 21:27:31 -0500

There seems to be another bug in XP's Help and Support. If you disable the
Help and Support service in the Services control panel and a user either
clicks on the Help and Support icon in the start menu, clicks on a URL that
starts with HCP:// or receives an email with a link to HCP:// that will
auto-execute, the service that was previously set to DISABLED will start and
set itself to automatic. This can only be set by an administrator (hmmm,
what user is an XP Home user logged in as - question for the day...), but
opens up an avenue for an attacker to possibly exploit this service even if
a user believes it is shut down. What is even funnier is in the KB840374
article, it says that the help and support service cannot be fully patched
if it is disabled. But it can be auto started, can't it? When it is not
supposed to? I always thought that a service that was set to disabled cannot
be set to automatic and started without user intervention. Hmmm, just maybe
I could get that pesky AV software to go disabled or better yet, the task
scheduler looks pretty nice...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
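
A defender's check for the behaviour reported above, added here as an example and not part of the original post: compare `sc qc` / `sc query` output against a list of services that must stay disabled. The short service name `helpsvc` is an assumption (the post gives only the display name), and both snapshots are constructed samples.

```python
import re

DISABLED = 4  # START_TYPE code printed by `sc qc` (2 = AUTO_START, 3 = DEMAND_START)
STOPPED = 1   # STATE code printed by `sc query` (4 = RUNNING)

# Constructed samples: trimmed `sc qc` + `sc query` fields for one service,
# before and after the start type flips as described in the post.
# "helpsvc" is an assumed short name for the Help and Support service.
BEFORE = """\
SERVICE_NAME: helpsvc
        START_TYPE         : 4   DISABLED
        STATE              : 1  STOPPED
"""
AFTER = """\
SERVICE_NAME: helpsvc
        START_TYPE         : 2   AUTO_START
        STATE              : 4  RUNNING
"""

FIELD = re.compile(r"^\s*(SERVICE_NAME|START_TYPE|STATE)\s*:\s*(\S+)", re.M)

def parse_sc(text):
    """Return {service: {"START_TYPE": int, "STATE": int}} from sc output."""
    services, current = {}, None
    for key, value in FIELD.findall(text):
        if key == "SERVICE_NAME":
            # sc qc and sc query both print the name; merge their fields.
            current = services.setdefault(value.lower(), {})
        elif current is not None:
            current[key] = int(value)
    return services

def find_drift(must_stay_disabled, observed):
    """List (service, reason) for each service that left the disabled state."""
    findings = []
    for name in must_stay_disabled:
        svc = observed.get(name.lower())
        if svc is None:
            findings.append((name, "not present in snapshot"))
            continue
        if svc.get("START_TYPE") != DISABLED:
            findings.append((name, "start type %s, expected 4 (DISABLED)" % svc.get("START_TYPE")))
        if svc.get("STATE", STOPPED) != STOPPED:
            findings.append((name, "state %s, expected 1 (STOPPED)" % svc.get("STATE")))
    return findings

if __name__ == "__main__":
    for name, reason in find_drift(["helpsvc"], parse_sc(AFTER)):
        print("DRIFT %s: %s" % (name, reason))
```

Run on a schedule against fresh `sc` output, this reports a "disabled" service that has been switched back on instead of trusting the setting made once in the Services control panel.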

