Google security researcher Tavis Ormandy has released details of a zero-day vulnerability affecting the Microsoft Windows Help and Support Center without giving Microsoft adequate time to prepare a patch. The vulnerability, which is due to improper sanitization of hcp:// URIs, may allow a remote, unauthenticated attacker to execute arbitrary commands. Microsoft is expected to issue a formal security advisory with workarounds and mitigation guidance later today. Affected Windows users can unregister the HCP protocol to protect themselves using the following steps.
Source: https://threatpost.com/googler-drops-windows-zero-day-microsoft-unhappy-061010/74093/

