10,000 XP machines attacked through 0-day flaw

[begood]

The Windows Help and Support Center vulnerability, the details of which have recently been made public by researcher Tavis Ormandy, is being heavily exploited in the wild.

According to a recent post on Microsoft's Malware Protection Center Blog, public exploitation of the vulnerability started on June 15th, but those attacks were probably undertaken by other researchers, since they were targeted and rather limited.

After that, the attacks became more widespread, and the targets more numerous. Microsoft claims that as of yesterday, over 10,000 separate computers have reported witnessing this attack. Computers in Portugal and Russia have seen by far the highest concentration of attacks:

The attacks only increased with time. Microsoft started seeing "seemingly-automated, randomly-generated HTML and PHP pages hosting this exploit", and the goal of the attacks was to plant Trojans and viruses on the targeted system.

For those users who don't use Microsoft's security solutions with updated signatures for the detection of the exploit, the company advises implementing the workaround listed in the advisory.

cum sa va protejati de acest exploit :

intrati in regedit via Start->run-> scrieti regedit.

intrati pe cheia HKEY_CLASSES_ROOT\HCP

de la file -> export ii faceti un backup sub numele de HCP_backup.reg

apoi o stergeti cu tasta delete.

Microsoft Security Advisory (2219475): Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution

Edited July 1, 2010 by begood

[AlStar]

Multumim pentru avertizare si solutie, begood.

Ormandy ala e tare Intai Java, acu' Microsoft. Are Gogu' cu ce sa se mandreasca.

[Flubber]

Pai e si normal, la ce altceva trebuiau sa se astepte cei de la Micro$oft? Logic ca au inceput oamenii sa exploiteze la greu si cred ca majoritatea vor sa faca botneti, rezultand un numar asa mare de "atacuri".

Multumesc pentru fix!