Malicious attacks reported due to the Windows vulnerability found last week

News by Dan Raywood

Exploits have been reported for the Windows vulnerability that Tavis Ormandy disclosed last week.

Ormandy found the vulnerability in Windows XP's help and support centre just hours after Microsoft had released ten bulletins on its monthly Patch Tuesday. He also only gave the company five days to fix the problem before going public with details of how hackers could write malicious code to exploit it.

Sophos has reported on the first proactive detection (Sus/HcpExpl-A) of malware that is spreading via a compromised website. It said that the malware downloads and executes an additional malicious component (Troj/Drop-FS) on the victim's computer by exploiting this vulnerability.

Graham Cluley, senior technology consultant at Sophos, called it an 'irresponsible disclosure' at the time, as he was worried that having such information floating around the internet would make it easy for cyber criminals to take advantage.

He said: “So my question to Mr Ormandy is this - do you feel proud of your behaviour? Do you think that you have helped raise security on the internet? Or did you put your vanity ahead of others' safety?

“A responsible security researcher would have been happy working with Microsoft on a successful resolution of the issue, and only shared details once a safe patch had been developed. Five days isn't a sensible period of time to expect Microsoft to develop a fix which has to be tested thoroughly to ensure it doesn't cause more problems than it intends to correct.”

Security blogger Brian Krebs said: “If you use Windows XP and have not yet taken Microsoft up on its suggestion to disable the vulnerable help and support centre component, please consider taking a moment to do that today. Until Microsoft issues an official fix for this flaw, the workaround they suggest is an easy and apparently painless one.”

Microsoft Security Response said on its Twitter feed that Windows Server 2003 customers are not currently at risk from the Windows help issue based on the attack samples it had analysed.

