Zero-Day Windows XP Help Flaw Now Being Exploited -- Redmond Channel Partner

Hackers Exploiting Windows XP Help Flaw

By Kurt Mackie
June 15, 2010

Microsoft today revised its security advisory on a Windows help function flaw, noting that the proof-of-concept code to exploit the flaw is now being used by hackers.

The flaw, described last week, just affects Windows XP systems. Microsoft ruled out earlier concerns that Windows Server 2003 might have been vulnerable, according to security advisory 2219475 revised on June 15, 2010.

"Microsoft is aware that proof-of-concept exploit code has been published for the vulnerability," the revised advisory now states. "Microsoft is also aware of limited, targeted active attacks that use this exploit code. Based on the samples analyzed, Windows Server 2003 systems are not currently at risk from these attacks."

The active attacks were also confirmed on Tuesday by software security firm Sophos. In a blog post, Sophos identified the malware as "Sus/HcpExpl-A," which is spreading through a compromised Web site. The malware will drop a Trojan (called "Troj/Drop-FS") on a user's computer.

Microsoft has published a Fix it solution that provides an automated workaround for the vulnerability. Otherwise, IT pros would need to unregister the HCP Protocol by editing the Windows Registry to ensure against possible attacks to Windows XP systems. The exploit requires the victim to click on a link in an e-mail or visit a specially crafted malicious Web page.

Microsoft is saying that it will provide any further details at its Microsoft Security Response Center blog or via its Twitter page. Possibly, the company could issue an out-of-band patch or wait to issue a fix with the next security update cycle in July. Microsoft hasn't rated the threat level of the flaw, but Sophos described it as "high."

Meanwhile, the security researcher who first disclosed details about the flaw, Tavis Ormandy, who works for Google, received additional criticism. Graham Cluley, a senior technology consultant at Sophos, chimed in that the five days notice given by Ormandy was insufficient for Microsoft to respond to a zero-day threat.

Ormandy responded to his critics on Twitter by stating that "those five days were spent trying to negotiate a fix within 60 days."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Free Webcast! Learn about Password Management Best Practices

Featured

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
Microsoft CSPs To Start Selling Windows 10 ESU this Fall

Organizations that want to extend the life of their Windows 10 PCs can begin buying extension plans from Microsoft's Cloud Solution Provider (CSP) partners on Sept. 1.
Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft is readying a new "Windows endpoint security platform" as part of its Windows Resiliency Initiative (WRI).
Microsoft Cements Lead in Increasingly AI-Centric Security Analytics

Forrester has singled out Microsoft as the leading cloud hyperscaler in the increasingly AI-driven field of enterprise security analytics.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Hackers Exploiting Windows XP Help Flaw

Featured

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft Cements Lead in Increasingly AI-Centric Security Analytics

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Consolidates Cloud Migration Programs into 'Azure Accelerate'

Pax8 to MSPs: Embrace AI Agents and 'Managed Intelligence'

So You Want To Be an MSP? Here's What It Really Takes

Crowe Joins Microsoft Dynamics 365 AI Program

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Consolidates Cloud Migration Programs into 'Azure Accelerate'

Pax8 to MSPs: Embrace AI Agents and 'Managed Intelligence'

So You Want To Be an MSP? Here's What It Really Takes

Crowe Joins Microsoft Dynamics 365 AI Program

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Tech Talk | Stop Buying What You Already Own: The MSP's Guide to Microsoft 365 Optimization

Veeam Data Cloud for Microsoft 365

Seamless Transitions: Migrating Your VMware Workloads to Azure

Azure Virtual Desktop: The Smart Choice for Remote Work Success

FREE WHITE PAPERS FROM OUR SPONSORS

The Easy Button eBook: Simplicity of SaaS-Based Backup for Microsoft 365

Unlocking the power of Microsoft 365 management: A toolkit for MSP success

How MSPs can future-proof Microsoft 365 management with automation and security

The future of M365 management