Saturday, July 3, 2010
Over 10,000 XP machines attacked by unpatched vulnerability
The hole apparently lies in the Windows Help and Support Center software that is included with Windows XP. Attackers are using various methods to take advantage of the bug, and payloads vary greatly. Microsoft has released a list of some of the payloads detected so far. Most are Trojans, and you can find the list toward the end of this blog post.
To date, Microsoft believes over 10,000 separate machines have been attacked at least once by means of the flaw. Those systems are scattered all around the globe, with attacks logged in about 20 countries.
The largest numbers of attacks are taking place in Portugal and Russia, at about ten times the global average (where the US sits). Users of Windows XP may want to double down on security until Microsoft deals with the recently identified flaw (CVE-2010-1885). A Google engineer found the hole last month, and at first Microsoft said it only saw "legitimate researchers testing innocuous proof-of-concepts", but it didn't take long for malicious hackers to prey on the vulnerability.
The company is working on a fix and may release an out-of-band patch, but until then, users can use a one-click Fix-It tool to disable the Help Center. You can also delete HCP manually by following the brief instructions posted under "Workarounds" on the Security Advisory page; be sure to create a backup as directed.
According to the security advisory posted for CVE-2010-1885, Windows XP SP2 and SP3, Windows XP Professional x64 SP2, Windows Server 2003 SP2, Windows Server 2003 x64 SP2, and Windows Server 2003 with SP2 for Itanium-based systems are all affected. However, in the executive summary, Microsoft says Windows Server 2003 systems are not currently at risk.