Share this Page

IT Security | News

Hackers Exploiting Windows XP Help Flaw

By Kurt Mackie
06/16/10

Microsoft this week revised its security advisory on a Windows help function flaw, noting that the proof-of-concept code to exploit the flaw is now being used by hackers.

The flaw, described last week, just affects Windows XP systems. Microsoft ruled out earlier concerns that Windows Server 2003 might have been vulnerable, according to security advisory 2219475 revised on June 15, 2010.

"Microsoft is aware that proof-of-concept exploit code has been published for the vulnerability," the revised advisory now states. "Microsoft is also aware of limited, targeted active attacks that use this exploit code. Based on the samples analyzed, Windows Server 2003 systems are not currently at risk from these attacks."

The active attacks were also confirmed Tuesday by software security firm Sophos. In a blog post, Sophos identified the malware as "Sus/HcpExpl-A," which is spreading through a compromised Web site. The malware will drop a Trojan (called "Troj/Drop-FS") on a user's computer.

Microsoft has published a Fix it solution that provides an automated workaround for the vulnerability. Otherwise, IT pros would need to unregister the HCP Protocol by editing the Windows Registry to ensure against possible attacks to Windows XP systems. The exploit requires the victim to click on a link in an e-mail or visit a specially crafted malicious Web page.

Microsoft is saying that it will provide any further details at its Microsoft Security Response Center blog or via its Twitter page. Possibly, the company could issue an out-of-band patch or wait to issue a fix with the next security update cycle in July. Microsoft hasn't rated the threat level of the flaw, but Sophos described it as "high."

Meanwhile, the security researcher who first disclosed details about the flaw, Tavis Ormandy, who works for Google, received additional criticism. Graham Cluley, a senior technology consultant at Sophos, chimed in that the five days notice given by Ormandy was insufficient for Microsoft to respond to a zero-day threat.

Ormandy responded to his critics on Twitter by stating that "those five days were spent trying to negotiate a fix within 60 days."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

THE Magazine

THE News Update

Email Address

Country

Terms and Privacy Policy consent

Yes, I agree No, I don't agree

Select primary job function

Select place of work

I agree to this site's Privacy Policy.

Webcasts

All Webcasts

Whitepapers

Tackling the Digital Learning Time Crunch

When Rialto Unified School District undertook a 1-to-1 program for its 26,000 students, the California school system knew an infrastructure update was in order. And the more those devices were being used for learning — not just during school, but after school, for Saturday school and deep into the summer — the smaller the windows became in which the IT organization could handle maintenance tasks. The district decided to try a new approach for refreshing the network. Read more...

All Whitepapers

Related Articles

Share this Page

Hackers Exploiting Windows XP Help Flaw

Updated: Free Resources for Schools During COVID-19 Outbreak

Google Launches Free Curriculum for Certified Ed Tech Coach Credential

Updated List of Statewide School Closures with Closure Dates

Updated: Free STEM and STEAM Resources for Schools During the COVID-19 Outbreak

Free Class Teaches Python Data Wrangling

THE Magazine

Download the Mar/Apr 2019 digital edition of THE Journal

THE News Update

Webcasts

How to Avoid the Pitfalls of Remote Learning

Whitepapers

Tackling the Digital Learning Time Crunch

Related Articles

Share this Page

Hackers Exploiting Windows XP Help Flaw

Trending

THE Magazine

THE News Update

Webcasts

Whitepapers