Microsoft is warning that there has been an increase of attacks against a zero-day vulnerability in Microsoft Help and Support Center. The vulnerability is due to an error when using invalid hexadecimal characters in the search topic parameter of a URI. It can be used to bypass restrictions normally imposed by a command-line argument to load arbitrary help documents. Proof-of-concept code has been available since at least mid-June and has been proven to work with Windows XP, and Windows Server 2003, other versions may also be affected. While a patch is still not available, you should plan on patching as soon as one is. In the meantime, be careful or better, unregister the HCP protocol (manually, or by using this tool provided by Microsoft). However, doing so will break all local links that use hcp:// such as links in the Control Panel.
Snort coverage for CVE-2010-1885 is provided by sid 16665 while ClamAV signature BC.Exploit.CVE_2010_0815 will detect attacks leveraging this vulnerability.