Microsoft is warning that attackers are stepping up attacks against a Windows XP zero-day vulnerability, disclosed last month by a Google engineer.
In a blog post, Microsoft's Holly Stewart said the software giant saw the first wave of attacks targeting the flawed component beginning June 15. Since then, the attacks have been more frequent, Stewart wrote in the Microsoft Malware Protection blog. Up to 10,000 computers have reported seeing the attack at least one time, Stewart wrote.
"Attacks have picked up and are no longer limited to specific geographies or targets, and we would like to ensure that customers are aware of this broader distribution," wrote Stewart, a member of Microsoft's Malware Protection Center.
Microsoft said its engineers are still testing a fix, but it urges users to apply a workaround outlined in a recent advisory to disable the vulnerable component. Most antimalware vendors have signatures that can detect the malicious code.
The serious flaw is in the Windows Help and Support Center, a Web-based feature that provides technical support to users. The flaw was disclosed last month by Google engineer, Tavis Ormandy, a bug hunter known for finding kernel-level operating system coding errors.
Ormandy released details on the Full Disclosure mailing list June 5, renewing the age-old disclosure debate, as some experts questioned whether Ormandy failed to give Microsoft enough time to investigate and come up with a fix. He gave the software giant three days to investigate the flaw before publicizing it.
Microsoft issued a statement admonishing Ormandy for disclosing details about the vulnerability so quickly. In the Microsoft Security Response Center Blog, Microsoft's Mike Reavey director of the MSRC, said giving Microsoft engineers little time to develop and test a patch makes broad attacks more likely and puts customers at risk.
In just a few days, researchers at Sophos detected malware attempting to exploit the Microsoft zero-day flaw. Sophos said the malware spreads if a victim browses to a compromised website.