Currently, it appears that only Windows XP is affected. Again, you can run the fixit tool found from here to temporarily resolve the problem:
http://support.microsoft.com/kb/2219475
I haven't examined the exploit yet (it's late), but from what I've gleaned I would advise heightened vigilance when clicking on hyperlinks. Double-check to ensure that you're clicking on links that begin with http://. The exploit code requires a handler be registered for the HCP protocol, so if you see a URL that starts with hcp:// do not click on it!. As I understand it, the exploit won't function unless you happen to click on an hcp:// URI, but since accidents do happen you may find it more appropriate to use the fix tool as a temporary workaround. Be aware that disabling HCP handling might break the help feature in some programs.
Since this exploit is protocol handler based, it can affect you regardless of what browser you're running. The reason for this is simple: Since browsers generally interface with the operating system, whenever you click on a link they check the protocol to see what application is registered to handle it. If the protocol is not HTTP, the browser will pass the request off (and thus the exploit) to the application that is registered to handle that particular protocol.
Now, what I mean by protocol is the first few characters in front of the :// in a URL. Here are some examples (I'm aware that adding the word "protocol" is redundant, but I am including it for clarity):
HTTP protocol:
- Code: Select all
http://example.com/about.html
|__| |_________||_________|
| | |
protocol | path component
|
domain
FTP protocol (you probably see this when downloading files):
- Code: Select all
ftp://example.com/about.html
|_| |_________||_________|
| | |
protocol | path component
|
domain
HCP protocol (the exploitable protocol--never click on links that start with these three letters):
- Code: Select all
hcp://example.com/about.html
|_| |_________||_________|
| | |
protocol | path component
|
domain
