Attacks on an unpatched flaw in Windows XP have increased recently, says Microsoft.
Microsoft issued a Security Advisory on June 10, warning of an unpatched vulnerability in the Windows Help and Support Center function in Windows XP. The flaw affects Windows XP SP2 and SP3 and could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. Googles senior security researcher, Tavis Ormandy, notified Microsoft about the flaw at the beginning of June. Days later Ormandy published proof of concept code, saying "without a working exploit, I would have been ignored."
Proof-of-concept exploit code for the vulnerability is now being used by hackers, who have started using it broadly. Holly Stewart, Microsoft Malware Protection Center, said over 10,000 distinct computers have reported seeing the attack at least one time. Hackers initially began targetting systems on June 15 but in limited numbers. "In the past week, however, attacks have picked up and are no longer limited to specific geographies or targets, and we would like to ensure that customers are aware of this broader distribution", said Stewart.
Microsoft says the only current work around to the issue is to Unregister the HCP Protocol which disables hcp:// style links. The software giant is currently working on a fix and may provide an out-of-cycle security update, depending on customer needs. Security experts Secunia currently rate the issue as highly critical.
Image Credit: Microsoft.com