n/a
shares
Be First to Share ->
Share on Facebook
Share on Twitter
Share on Google+
Share on LinkedIn
+
What's This?
Last week, google published a zero-day windows vulnerability that one of their engineers had discovered. Yesterday, Microsoft confirmed that the exploit was being used by hackers.

Apparently, a hacked website is using the bug in windows‘ Help and Support Center as a “drive-by” attack, and hijacking PCs that are running windows XP. A drive-by attack is one that will affect your PC if you simply visit a website, as opposed to those that trick users into running code on their machine via fake emails or infected programs.

Microsoft declined to name the specific site that was serving the exploit, though they did say it was a site dedicated to open source software. The exploit has since been shut down.

The bug however, published last week by google security engineer Tavis Ormandy, remains in XP. Of course Ormandy published the damn thing, complete with proof-of-concept attack code, less than a week after he reported it to Microsoft, leaving the Redmond company with little time to patch it before it was made public.

Ormandy claims he released it so quickly because Microsoft wouldn’t commit to a release schedule within 60 days, though Microsoft claims that they were going to give Ormandy a release date by the end of the week, and were surprised when he published the bug so quickly.

Regardless of whether or not Ormandy should have published or waited, the exploit is now public, and it’s being used. So if you’re running XP, we suggest you hit the Microsoft site to read the security advisory for a manual fix, or download the “Fix It” tool they published that should help block attacks until an official patch is released.

Source: technology/it/article/hackers-use-google-published-exploit-to/”>Technorati

Share on Facebook
Share on Twitter
Share on Google+
Share on LinkedIn
+

Get Free Email Updates!

Signup now and receive an email once I publish new content.

I agree to have my personal information transfered to MailChimp ( more information )

I will never give away, trade or sell your email address. You can unsubscribe at any time.