Prolateral Consulting Ltd
Prolateral Consulting Ltd

Help & Support Service Exploits Windows XP. Manual fix available until Microsoft release a patchOn the 10th June 2010 a new exploit to the Windows XP operating system was discovered by an engineer at Google called Travis Ormandy.  Travis found it was possible to exploit the “help and support” service in Windows XP to give remote access and execute command with the privileges of the current user logged in.  Full disclosure of this exploit can be found at http://seclists.org/fulldisclosure/2010/Jun/205

A statement from Microsoft said that they had seen a number of these attacks since the 10th June 2010 which they attributed to fellow researchers trying to replicate Travis Ormandy’s research.  However since the 15th June the number of recorded incidents has been increasing.

As of the 1st July 2010 Microsoft have still not released a fix to the problem however it is possible to prevent this exploit by disabling the “Help and Support” service. Instructions are below.

What can I do?

Always make sure your anti-virus program and firewall are up-to-date.  This will block any suspicious network traffic.  When operating system updates are available, download and install them as soon as possible.  With Windows, you can configure it to update automatically; that way when a fix for this exploit is released you will get it straight away.

Beware of any emails from people you don't know, especially avoid downloading any attachments or clicking any links in emails.

Also, make sure you update your web browser as often as possible.  Microsoft recently released an update for Internet Explorer that fixed a serious vulnerability.

How to disable the “Help & Support” service

Follow the below instructions to disable the Help and Support service in Windows XP.

Click on the “Start” button and select the run option.  Type in the dialog box “Services.msc

Run services.msc from Windows XP to stop the Help & Support service exploit

A window called "Services" appear. On the right hand pane scroll down until you find the "Help and Support" service. Right click on it and select properties.

Using services.msc to stop the Help & Support service exploit

Another window will open. In the "Startup Type" section, select the option "Disable" and click "Apply" or "OK".

Disabling Help & Support service

For these changes to take effect you must reboot your PC.

How to enable the “Help & Support” service

To enable the service again after a patch from Microsoft has been released simply follow the above procedure and in the “Startup Type” section of the service select the option “Automatic”

Prolateral can help you

If you think you have been infected by a virus, spyware, malware, or scareware and need help then give us a call. Prolateral Consulting is an IT Security company specialising in the protection of your computer systems. Prolateral is solution partners with Symantec and eSet to help provide you the best of breed solution that is tailored to fit your business requirement.  Together with proFilter, Prolateral's first rate anti-spam and anti-phishing email filter we have the complete solution.

About Prolateral

Prolateral Consulting is in business to put your organisation back in control of your own Information Technology, specialising in information and messaging security, computer forensic services, and disaster recovery planing.

Contact Info

Prolateral Consulting Ltd
Luton, Bedfordshire, UK
Tel : +44 (0) 8450 763760
Email : This email address is being protected from spambots. You need JavaScript enabled to view it.

Instant Information request

Please complete the request for information if you wish to discuss matters further or if your needs are more urgent then you can request a call back from us.