Attackers Exploiting Windows Help Center Flaw

Researchers have found evidence that attackers are exploiting the vulnerability in the Windows Help and Support Center that was at the center of so much controversy last week.

The flaw, which is in the protocol handler related to the Microsoft Windows Help and Support Center, was disclosed late last week by Tavis Ormandy, a security researcher who works for Google. The disclosure, which came just five days after Ormandy notified Microsoft of the vulnerability, caused a huge dustup in the security community and elicited a rather testy response from the Microsoft Security Response Center.

Now, researchers say that they have seen evidence that attackers are using the vulnerability in active attacks. Sophos researchers identified a piece of malware that’s being used by a compromised site to attack visitors.

Today, we got the first pro-active detection (Sus/HcpExpl-A)
on malware that is spreading via a compromised website.

This malware downloads and executes an additional malicious
component (which will shortly be detected as Troj/Drop-FS)
on the victim’s computer, by exploiting this vulnerability.

At the time of his disclosure, Ormandy said he was posting details of the vulnerability because he felt there was a strong likelihood that attackers knew about it already.

“I’ve concluded that there’s a significant possibility that attackers have studied this component, and releasing this information rapidly is in the best interest of security,” he said in his advisory.

Microsoft’s Security Response Center said that it is aware of the attacks and recommends that affected Windows XP users deploy the FixIt patch in the security advisory.

Discussion

  • taviso on

    FUCK TAVISO.

  • Anonymous on

    You can't say those nasty words to Tavis alone. His esteemed team at Google helped him if you read his post on FD. :)
  • taviso on

    OK. So my regards to all then. I can't believe the double moral that they use. And this guy releasing this JUST because he wants a bit more of fame, in the name of "protecting users".

    I think Tavis should go to the shrink or buy a "get a self-esteem today" book and stop bothering people in the name of security. You are famous now, Tavis. Congrats.
