Does Windows 8 include the Windows Help program (WinHlp32.exe)?

Question

In 2011, Symantec reported on the use of the Windows Help File (.hlp) extension as an attack vector in targeted attacks.

The functionality of the help file permits a call to the Windows API which, in turn, permits shell code execution and the installation of malicious payload files. This functionality is not an exploit, but there by design.

Here's the malicious WinHelp files (Bloodhound.HLP.1 & Bloodhound.HLP.2) detection heat map:

enter image description here

I would like to know if the Windows Help program exists on my Windows 8 machine by default, because if it does I might need to remove it for security reasons.

Does Windows 8 include the Windows Help program (WinHlp32.exe)?

score 14 · Accepted Answer · edited Nov 13 '12 at 02:35

C:\Windows\winhlp32.exe installed with Windows 8 is a stub only (~10KB). It does not shows or open .hlp files! You have no need to erase this file.

There is optional update KB917607 (.msu) for Windows 8 which allows to work with .hlp files, but this update may be installed manually by the user only. After installing this update C:\Windows\winhlp32.exe will be more than 100KB (can't say exactly).

score 6 · Answer 2 · answered Nov 05 '12 at 16:24

6

Clean Install Windows Pro RTM OEM, all the winhlp32 stub does is open the Help and support window. Right click open with or double click gets the support window.

It must be manually installed

enter image description here

.

enter image description here

answered Nov 05 '12 at 16:24

Moab

58,769

score 0 · Answer 3 · answered Nov 05 '12 at 14:25

I have just tried running it on windows 8 and it works, so it's definitely there.
There are also references to windows 8 on MSDN.

Before you delete it, you might want to check if this "functionality" has been toned down so that it cannot be used maliciously anymore.

Does Windows 8 include the Windows Help program (WinHlp32.exe)?

3 Answers3