|16 Jun 2010||#1|
| || |
Microsoft confirms XP zero-day exploit.
For those of us that still use or have XP loaded...
Hackers exploit Windows XP zero-day, Microsoft confirms
Computerworld - Hackers are now exploiting the zero-day Windows vulnerability that a Google engineer took public last week, Microsoft confirmed today.
Although Microsoft did not share details of the attack, other researchers filled in the blanks.
A compromised Web site is serving an exploit of the bug in Windows' Help and Support Center to hijack PCs running Windows XP, said Graham Cluley, a senior technology consultant at antivirus vendor Sophos. Cluley declined to identify the site, saying only that it was dedicated to open-source software.
"It's a classic drive-by attack," said Cluley, referring to an attack that infects a PC when its user simply visits a malicious or compromised site. The tactic was one of two that Microsoft said last week were the likely attack avenues. The other: Convincing users to open malicious e-mail messages.
According to Microsoft, the exploit has since been scrubbed from the hacked Web site, but it expects more to surface. "We do anticipate future exploitation given the public disclosure of full details of the issue," said Jerry Bryant. Microsoft's group manager of response communications.
The vulnerability was disclosed last Thursday by Tavis Ormandy, a security engineer who works for Google. Ormandy, who also posted proof-of-concept attack code, defended his decision to reveal the flaw only five days after reporting it to Microsoft -- a move that Microsoft and other researchers questioned.
Tool/fix provided - Microsoft Fix It
Yes I know this is a Seven forum but some of us still keep XP around, even if we don't use it
And let's not forget "XP Mode with Virtual PC"
|My System Specs|
|Similar help and support threads for2: Microsoft confirms XP zero-day exploit.|
|Microsoft Confirms Critical IE Bug, Works on Fix||Security News|
|Microsoft Confirms x64 Windows 7 Aero Vulnerability||News|
|Microsoft confirms 0-Day IIS security vulnerability||System Security|
|Microsoft confirms IE6, IE7 zero-day bug||Browsers & Mail|
|Microsoft confirms first Windows 7 zero-day bug||Browsers & Mail|
|Microsoft confirms phishers stole 'several thousand'...||System Security|
|Microsoft confirms Windows 7 family pack||News|