Microsoft has said that it is working on a fix for a vulnerability in its Windows Help and Support Center.
Reports surfaced that there have been active attacks on the centre since the publication of a vulnerability early in June. Microsoft claimed that at first it saw only legitimate researchers testing innocuous proof-of-concepts, but five days later the first real public exploits emerged. These were initially targeted and fairly limited, but have now become much more widespread.
Holly Stewart, a senior program manager with the Microsoft Malware Protection Center (MMPC), said that as of today, over 10,000 distinct computers have reported seeing this attack at least once.
“In the past week, however, attacks have picked up and are no longer limited to specific geographies or targets, and we would like to ensure that customers are aware of this broader distribution,” she said.
Stewart also said that, starting last week, it began to see seemingly automated, randomly generated HTML and PHP pages hosting the exploit. She said: “This attack methodology constitutes the bulk of attacks that have continued to flourish into this week.”
In terms of the payloads, Stewart said that the attacks initially focussed on downloading the Obitel malware, which in turn downloads other malware. More recently, the downloads have varied in their methodology to include some direct downloads, but also some downloads involving single or double script redirects.
Microsoft has said that it will ‘continue to monitor this situation and provide updates as appropriate’. The next batch of Microsoft patches is expected to be released on 13th July.
Tavis Ormandy, who initially discovered and disclosed the vulnerability, used his Twitter feed to hit out at what he sarcastically called Forbes ‘quality journalism’ for interpreting Microsoft's 10,000 attacks as ‘10,000 infections’.
Critical of Ormandy's decision to disclose the vulnerability was Graham Cluley, senior technology consultant at Sophos, who claimed at the time that he was worried that having such information floating around the internet would make it easy for cyber criminals to take advantage.
Speaking to SC Magazine, Sophos senior security consultant Carole Theriault said: “What is annoying about all this is that if the disclosure of the exploit code had been done with a bit more responsibility, we probably wouldn't be in this particular situation.
“This is yet another reminder for people to run up-to-date patches and anti-virus. Companies like Microsoft have made the patching of vulnerabilities much simpler for both home users and businesses, but it is a problem if people don't allow time for the updates.”
Gartner recently claimed that organisations should be planning and testing Windows 7 this year with a view to moving from Windows XP by the end of 2012 before Microsoft ends support for it in April 2014.