Microsoft warns of increased Windows XP attacks against zero-day

Robert Westervelt, News Director

Microsoft is warning that attackers are stepping up attacks against a Windows XP zero-day vulnerability, disclosed last month by a Google engineer.

In a blog post, Microsoft's Holly Stewart said the software giant saw the first wave of attacks targeting the flawed component beginning June 15. Since then, the attacks have been more frequent, Stewart wrote in the Microsoft Malware Protection blog. Up to 10,000 computers have reported seeing the attack at least one time, Stewart wrote.

"Attacks have picked up and are no longer limited to specific geographies or targets, and we would like to ensure that customers are aware of this broader distribution," wrote Stewart, a member of Microsoft's Malware Protection Center.

Microsoft said its engineers are still testing a fix, but it urges users to apply a workaround outlined in a recent advisory to disable the vulnerable component. Most antimalware vendors have signatures that can detect the malicious code.

The serious flaw is in the Windows Help and Support Center, a Web-based feature that provides technical support to users. The flaw was disclosed last month by Google engineer Tavis Ormandy, a bug hunter known for finding kernel-level operating system coding errors.

Ormandy released details on the Full Disclosure mailing list June 5, renewing the age-old disclosure debate, as some experts questioned whether Ormandy failed to give Microsoft enough time to investigate and come up with a fix. He gave the software giant three days to investigate the flaw before publicizing it.

Microsoft issued a statement admonishing Ormandy for disclosing details about the vulnerability so quickly. In the Microsoft Security Response Center Blog, Microsoft's Mike Reavey, director of the MSRC, said giving Microsoft engineers little time to develop and test a patch makes broad attacks more likely and puts customers at risk.

In just a few days, researchers at Sophos detected malware attempting to exploit the Microsoft zero-day flaw. Sophos said the malware spreads if a victim browses to a compromised website.

