MS10-042 is already available to patch the vulnerability

Jul 15, 2010 11:12 GMT  ·  By

Attacks against a Critical vulnerability affecting Windows XP are on the increase, Microsoft revealed, urging customers to take the necessary measures in order to protect themselves as soon as possible. The Redmond company has already released a patch for the Help and Support Center flaw, which is designed to resolve the issue on both of the platforms that are vulnerable, Windows XP and Windows 2003. More recent releases of Windows, including Windows Vista and Windows 7 do not contain the vulnerable code, the software giant explained.

“As of midnight on July 12 (GMT), over 25,000 distinct computers in over 100 countries/regions have reported this attack attempt at least one time,” noted Holly Stewart, MMPC. Microsoft first informed of automated attacks targeting the vulnerability in Help and Support Center a few weeks ago, and issued signatures for its security products set up to protect users from exploit attempts.

“These attack attempts have continued to expand and some new attack patterns have come into play. The attacks that we have witnessed in the wild work only on Windows XP (not Windows 2003). Early on, we saw attackers incorporate code to single out Windows XP targets, but more recently the attackers have been less discriminant, attempting this attack on a variety of operating systems, about half of which were not susceptible because the exploit code could have only been successful on a vulnerable version of Windows XP,” Stewart added.

The best course of action for customers is to apply MS10-042 as soon as possible. Details about this vulnerability were disclosed in the wild by the security researcher who came across the problem, a move which led to the over 25,000 attacks reported to Microsoft. “These reports come from machines using our protection products and services, such as Microsoft Security Essentials, Microsoft Forefront Client Security, Windows Live OneCare, the Forefront Threat Management Gateway, and the Windows Live Safety Platform,” Stewart said.

Follow me on Twitter @MariusOiaga.

Photo Gallery (2 Images)

Windows XP
Attack attempts
Open gallery