Home > Uncategorized > Miscreants Exploit Google-Outed Windows XP Zero-Day

Miscreants Exploit Google-Outed Windows XP Zero-Day

June 15th, 2010 06:54 admin Leave a comment Go to comments

CWmike writes “A compromised Web site is serving an exploit of the bug in Windows’ Help and Support Center, identified by a Google engineer last week, to hijack PCs running Windows XP. Graham Cluley, a senior technology consultant at antivirus vendor Sophos, declined to identify the site, saying only that it was dedicated to open source software. ‘It’s a classic drive-by attack,’ said Cluley. The tactic was one of two that Microsoft said last week were the likely attack avenues. (The other was convincing users to open malicious e-mail messages.) The vulnerability was disclosed last Thursday by Google security engineer Tavis Ormandy, who also posted proof-of-concept attack code. Ormandy defended his decision to reveal the flaw only 5 days after reporting it to Microsoft. Cluley called Ormandy’s action ‘utterly irresponsible,’ and in a blog post asked, ‘Tavis Ormandy — are you pleased with yourself?‘”

Source: Miscreants Exploit Google-Outed Windows XP Zero-Day

Related Articles:

  1. Google Security Expert Finds, Publicly Discloses Windows Kernel Bug
  2. Windows Remote Desktop Exploit In the Wild
  3. Windows DLL Vulnerability Exploit In the Wild
  4. Web Exploit Found That Customizes Attack For Windows, Mac, and Linux
  5. RDP Proof-of-Concept Exploit Triggers Blue Screen of Death
blog comments powered by Disqus