Wednesday, June 16, 2010

Windows XP Help vulnerability now "in the wild"

There are multiple reports of drive-by downloads exploiting this vulnerability. Drive-by downloads are dangerous because you can be infected without taking any action other than browsing to a webpage that carries the infection. If you are running Windows XP as an administrator, you should probably immediately apply one of the workarounds described on the Microsoft page linked below.

Microsoft confirms exploits targeting Ormandy 0-day - SC Magazine US
Five days after a Google researcher published details of a zero-day vulnerability affecting the Windows Help and Support Center, in-the-wild exploits have emerged, Microsoft said Tuesday.

The software giant said it was aware of "limited exploits" affecting XP users, according to a tweet posted by the Microsoft Security Response Center. Server 2003 also is vulnerable to the bug, but Microsoft said it has not received any attack samples targeting those customers.

As affected users await a permanent fix, they are encouraged to apply a "Fix It" workaround, as outlined in a security advisory released Thursday by Microsoft.

Windows XP zero-day under attack; Use Microsoft's "fix-it" workaround | ZDNet
Just five days after Google researcher Tavis Ormandy released details of a critical vulnerability affecting Windows XP and Windows Server 2003, malware authors have struck, exploiting the flaw to plant malware on Windows machines.

The attacks, described by Microsoft as “limited,” are being distributed on rigged Web sites (drive-by downloads).

Official Microsoft bulletin here:
Microsoft Security Advisory (2219475): Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution

Home users should immediately run the Microsoft "FixIt" from this page: Vulnerability in Help Center could allow remote code execution. They should also download the "Disable" version of the "FixIt" now and keep it for later use: Microsoft often makes the FixIt page disappear once the problem is fixed permanently, which removes access to the "UnFixit" for those who haven't planned ahead.
