News - Security Issues

Criminals Exploit New Windows XP Zero-Day Attack

Microsoft said Wednesday that it logged more that 10,000 attacks based on a newly discovered Windows XP flaw. Initially Microsoft noticed this exploit resulting from tests performed by legitimate researchers. Then, according to a Microsoft blog, “early on June 15th, the first real public exploits emerged.”

Microsoft said the initial attacks seemed to focus on downloading Obitel, a malware that downloads other malware. However, the attacks then began to download various Trojans and a virus.

Robert McMillan at Computerworld.com reports the exploit “in all these attacks lies in the Windows Help and Support Center software that comes with Windows XP.”

Microsoft states, “Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers.” Depending on customer need, the fix may come by a regularly scheduled security update or an earlier update.

For more information concerning this exploit, see Microsoft Security Advisory (2219475).