Tuesday, June 15, 2010

Attackers Exploiting Windows Help Center Flaw

Via Threatpost.com -

Researchers have found evidence that attackers are exploiting the vulnerability in the Windows Help and Support Center that was at the center of so much controversy last week. The flaw, which is in the protocol handler related to the Microsoft Windows Help and Support Center, was disclosed late last week by Tavis Ormandy, a security researcher who works for Google. The disclosure, which came just five days after Ormandy notified Microsoft of the vulnerability, caused a huge dustup in the security community and elicited a rather testy response from the Microsoft Security Response Center.

Now, researchers say that they have seen evidence that attackers are using the vulnerability in active attacks. Sophos researchers identified a piece of malware that's being used by a compromised site to attack visitors.


Microsoft has posted several tweets on their official (msftsecresponse) twitter account...
Windows Server 2003 customers are not currently at risk from the Win Help issue based on the attack samples we have analyzed
We are aware of limited exploits against the Win Help issue. XP users, apply the FixIt in Security Advisory 2219475 http://bit.ly/9EdPcs

No comments:

Post a Comment