Thursday, June 17, 2010

Windows XP & 2003 Exploit Found by Google Worker

Tavis Ormandy, a security engineer working for Google, has discovered an important flaw in Windows XP and 2003 systems, which is based on hcp links. When an hcp link is called from a browser, it opens Help and Support Center automatically. The service is also accessible from the command prompt:

C:\> ver
Microsoft Windows XP [Version 5.1.2600]
C:\> c:\windows\pchealth\helpctr\binaries\helpctr.exe -url "hcp://system/sysinfo/sysinfomain.htm"
C:\>

This invokes Help and Support Center, and the application is capable of opening web sites within itself. On its own the system is actually safe, because only allowed (marked as safe) sites are reached, but a simple XSS can exploit this feature.
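From the defender's side, the launch path described above can be watched for in process-creation logs. The following is an added example, not part of the original post or of the advisory: it scans log records for helpctr.exe starts that carry an hcp:// URL and marks the ones started by a browser. The pipe-separated log format, the sample records, the browser list and the idea that the browser shows up as the parent process are all assumptions made for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

# Assumption: browser image names that should not normally start Help and Support Center.
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe", "opera.exe"}
HCP_URL = re.compile(r'hcp://[^\s"]+', re.IGNORECASE)

# Constructed sample records: timestamp|parent image|image|command line
SAMPLE_LOG = r'''
2010-06-17T09:01:12|C:\WINDOWS\explorer.exe|C:\WINDOWS\system32\cmd.exe|cmd.exe
2010-06-17T09:01:40|C:\WINDOWS\system32\cmd.exe|c:\windows\pchealth\helpctr\binaries\helpctr.exe|helpctr.exe -url "hcp://system/sysinfo/sysinfomain.htm"
2010-06-17T09:05:03|C:\Program Files\Internet Explorer\iexplore.exe|C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe|HelpCtr.exe -url "HCP://system/sysinfo/sysinfomain.htm"
2010-06-17T09:06:10|C:\WINDOWS\explorer.exe|C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe|HelpCtr.exe
'''

def find_hcp_launches(log_text):
    """Return one dict per helpctr.exe start whose command line carries an hcp:// URL."""
    hits = []
    for line in log_text.strip().splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue  # skip malformed records instead of failing
        ts, parent, image, cmdline = parts
        if basename(image).lower() != "helpctr.exe":
            continue
        match = HCP_URL.search(cmdline)
        if not match:
            continue  # Help opened without a URL, nothing to report
        parent_name = basename(parent).lower()
        hits.append({
            "time": ts,
            "parent": parent_name,
            "url": match.group(0),
            # A browser handing a URL to Help and Support Center is the case to review.
            "from_browser": parent_name in BROWSERS,
        })
    return hits

if __name__ == "__main__":
    for hit in find_hcp_launches(SAMPLE_LOG):
        tag = "ALERT" if hit["from_browser"] else "info"
        print(tag, hit["time"], hit["parent"], hit["url"])
```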

This seems to be yet another normal, usual security breach within Windows, but it was found by a Google worker (which makes the deal interesting). He informed Microsoft on the 5th of June and, after 5 days, released the details of the bug to the public; hackers made use of it as soon as it was released. Everyone is flaming Tavis Ormandy about the issue now, and it seems we will hear more about this in the upcoming days.

PoC: http://seclists.org/fulldisclosure/2010/Jun/205
News: http://it.slashdot.org/firehose.pl?op=view&type=story&sid=10/06/16/0021225
