facebook rss twitter

Microsoft sees rise in attacks on XP machines

by Pete Mason on 5 July 2010, 08:48

Tags: Microsoft (NASDAQ:MSFT)

Quick Link: HEXUS.net/qayya

Add to My Vault: x

An announcement from Microsoft last week warns that it has observed a marked increase in zero-day attacks exploiting a vulnerability in Windows Help and Support Centre on machines with Windows XP operating system. The exploit, which was discovered by a Google engineer and officially disclosed by Microsoft on June 10th, has now been reported on at least 10,000 unique machines.

According to Microsoft’s Holly Stewart: “In the past week...attacks have picked up and are no longer limited to specific geographies or targets, and we would like to ensure that customers are aware of this broader distribution”. The company’s statistics suggest that the majority of computers being affected by the exploit are in the United States, Russia, Portugal, Germany, and Brazil. Of those, Portugal and Russia have the highest concentration of affected machines, with the former seeing almost one in every 200 machines impacted.

XP

The attacks require users to visit an infected website, frequently via a link in an email. This will then download various Trojans, viruses and other Malware to the user’s computer by exploiting the vulnerability. Microsoft has reported that the program Obitel has been included in many of the recent attacks, which acts by downloading other malware.

Systems running 32- and 64-bit versions of Windows XP as well as those running 32-bit, 64-bit and IA-64 versions of Windows Server 2003 are all potentially at risk. Though Microsoft has yet to release a fix for the exploit, the company has provided a number of workarounds to limit the vulnerability in a security advisory. The announcement also points out that all Microsoft security software is capable of detecting and stopping software that is attempting to make use of this exploit.


HEXUS Forums :: 5 Comments

Login with Forum Account

Don't have an account? Register today!
Posted by abaxas - Mon 05 Jul 2010 10:35
In other news…..

VW says the previous Golf is a deathtrap, upgrade to the latest one immediatly.
Posted by rabbid - Mon 05 Jul 2010 10:50
abaxas
In other news…..

VW says the previous Golf is a deathtrap, upgrade to the latest one immediatly.

yeah, you get that feeling don't you? “xp isnt safe so buy win7.” kinda thing!

Anyway from their bulletin do this (backup and delete HCP entry):

“Unregistering the HCP Protocol prevents this issue from being exploited on affected systems.

Using the Interactive Method
1.
Click Start, click Run, type Regedit in the Open box, and then click OK

2.
Locate and then click the following registry key:

HKEY_CLASSES_ROOT\HCP

3.
Click the File menu and select Export

4.
In the Export Registry File dialog box, enter HCP_Procotol_Backup.reg and click Save.

Note This will create a backup of this registry key in the My Documents folder by default.

5.
Press the Delete key on the keyboard to delete the registry key. When prompted to delete the registry key via the Confirm Key Delete dialog box, click Yes”

Feel safer already :)
Posted by usxhe190 - Mon 05 Jul 2010 11:18
So only Windows XP is affected??? Stop telling people to upgrade, Microsoft!!
Posted by spoon_ - Mon 05 Jul 2010 12:12
Typical ;)
Posted by joel_spencer - Tue 06 Jul 2010 03:06
When I did my last slip stream install I removed the help files thus negating the issue I would think. Used Nlite.