14 DAY TRIAL // A Critical zero-day vulnerability discovered and made public by a Google employee will be patched as soon as possible, Microsoft has revealed, indicating that it has already started working on a security update. The flaw, which apparently resides in the Windows Help and Support Center function of both Windows XP and Windows Server 2003, is not currently under attack, but this situation could change very easily.
This because the Google security researcher that managed to come across it gave Microsoft only five days to patch the vulnerability, after which he went public with details that made it extremely simple for attackers to build exploits for the flaw. According to Microsoft, customers running the latest releases of Windows are not affected by the vulnerability.
“It is important to note that customers running Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are not vulnerable to this issue or at risk of attack. The vulnerability affects the Windows Help and Support Center function, a component of Microsoft Windows. We are not currently aware of any successful exploits of this vulnerability,” Jerry Bryant, group manager, Response Communications, Microsoft, noted for Softpedia.
Customers running XP or Windows Server 2003 can turn to Security Advisory 2219475 in order to gain additional insight into this issue, as well as find out how to protect their machines. Microsoft is advising customers to opt for the workaround it has outlined in Security Advisory (2219475), rather than for any third-party fix. Essentially, the company is telling customers potentially affected by this issue that unregistering the HCP Protocol is a way to securely make sure that any eventual exploits are rendered useless on affected systems.
“Given the public disclosure of the details of the vulnerability, and how to exploit it, customers should be aware that broad attacks are likely. Customers should also note that the workaround provided by the Google researcher is easily circumvented. As such, customers running Windows XP and Windows Server 2003 are encouraged to review and apply the mitigations and workarounds discussed in Microsoft’s Security Advisory,” Bryant added.