I’m sure you’re already aware of this but in case you somehow managed to miss it, Security Advisory 2219475 was released last Thursday. You can read all the details here but I have the synopsis below:
Microsoft is investigating new public reports of a possible vulnerability in the Windows Help and Support Center function that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. Microsoft is aware that proof of concept exploit code has been published for the vulnerability. However, Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.
The Microsoft Security Response Team also has the Q&A from the webcast posted here.
J.C. Hornbeck | System Center Knowledge Engineer