Unpatched Windows Vulnerability Actively Exploited in the Wild

[JMH]

A critical Windows remote code execution vulnerability disclosed last week is already being exploited in the wild. Security companies warn that attackers are luring unsuspecting users onto malicious Web pages that leverage the flaw to install malware on their computers.

Last Thursday, Tavis Ormandy, an information security engineer at Google revealed details about a previously unknown vulnerability in the Windows Help and Support Center. Considering that his disclosure included fully working exploitation code and that Microsoft was only given five days in advance to patch the bug, many people in the information security community accused Ormandy of acting irresponsibly.

"Today, we got the first pro-active detection (Sus/HcpExpl-A) on malware that is spreading via a compromised website. This malware downloads and executes an additional malicious component (Troj/Drop-FS) on the victim’s computer, by exploiting this vulnerability," Donato Ferrante, a security researcher at Sophos, announced yesterday. "In my opinion publishing exploit code was utterly irresponsible behaviour, and I was worried that having such information floating around the internet would make it easy for cybercriminals to take advantage," Graham Cluley, the company's senior technology consultant, commented.

More -
Unpatched Windows Vulnerability Actively Exploited in the Wild - Attacks target Windows XP users - Softpedia

 

[chev65]

This one sounds like a,...what I call a "Reformatter" :sarc: because once this gets into your system no A/V is going to pull you out of it. Thanks for the info JMH.

 

[KazeNoKoe23]

Sounds like another exploit that 7 users probably shouldn't worry about, just XP users.

 

[BCXtreme]

Wonder how much more of this it will take to get people off XP...?

 

[pparks1]

Wonder how much more of this it will take to get people off XP...?

It's not likely stuff like this which really encourages people to switch. most who are using XP are on old machines and likely will be on XP simply until they purchase a new computer.

 

[BCXtreme]

Wonder how much more of this it will take to get people off XP...?

It's not likely stuff like this which really encourages people to switch. most who are using XP are on old machines and likely will be on XP simply until they purchase a new computer.

What about the people that swear up and down that nothing will ever get them off XP? I look forward to seeing their compatibility rot around them when all the developers realize that MS is never going to just re-release XP (which is apparently what the aforementioned people want)... At least the holdouts are fewer this time around, due to the vast superiority of Win 7...

 

[Faladu]

This is why it is good to be a techie nerd, Windows HELP?

I disable that service immediately after every wipe and drop with all the other silly nonsense wasting resources that M$ made default.

Try Boostspeed, I swear by and at it for tweaking ease.

...and all firewall programs are not equal, which I found out last year, and switched, I was pretty perturbed that my trusty old one turned out to be unacceptable.