Windows XP zero-day under attack; Use Microsoft’s “fix-it” workaround

By Ryan Naraine | June 15, 2010, 11:49am PDT

Just five days after Google researcher Tavis Ormandy released details of a critical vulnerability affecting Windows XP and Windows Server 2003, malware authors have struck, exploiting the flaw to plant malware on Windows machines.

The attacks, described by Microsoft as “limited,” are being distributed on rigged Web sites (drive-by downloads).

“Windows Server 2003 customers are not currently at risk from the Win Help issue based on the attack samples we have analyzed,” according to Microsoft’s security response center.

The attacks, which are only targeting Windows XP computers with the HCP protocol enabled, follows the controversial public disclosure of the flaw by Ormandy, a high-profile Google researcher.

The issue, which exists in the Microsoft Windows Help and Support Center, is caused by improper sanitization of hcp:// URIs. It allows a remote, unauthenticated attacker to execute arbitrary commands.

Ormandy, who recently used the full-disclosure hammer to force Oracle to address a dangerous Sun Java vulnerability, posted exploit code for the Windows issue just five days after reporting it to Microsoft.

In an e-mail message announcing the zero-day discovery, Ormandy said protocol handlers are a popular source of vulnerabilities and argued that “hcp://” itself has been the target of attacks multiple times in the past. This prompted his decision to go public without the availability of a patch:

Ormandy said he spent the five days “negotiating” for Microsoft to get a fix ready in 60 days but when that failed, he decided to go public because he was convinced that malicious hackers may be looking into these kinds of security holes.

For instructions on fixing the Windows XP Vulnerability, visit ZDnet

Have you seen this man? Click picture for more information…