Add to del.icio.us     Digg this

June 16, 2010

Internet security analysts have discovered a critical security flaw in Microsoft's Windows XP operating system that is currently being exploited by hackers. The security hole was discovered by anti-virus provider Sophos late yesterday.

Specifically, the issue resides in the Windows Help and Support Center feature that was disclosed last week by researcher Tavis Ormandy. His public advisory came just five days after he privately informed Microsoft of the problem, prompting fierce criticism from some circles that he hadn't given Microsoft adequate time to repair the OS.

That simply made it a lot easier for criminal hackers to target the OS flaw, which allows attackers to take full control of compromised computers when a user views a specially designed Web site, the security experts complained.

Microsoft then soon amended its own advisory on the security vulnerability to tell researchers that they are “fully aware of limited and targeted active attacks that use this exploit code.”

Though the vulnerability also afflicts Windows Server 2003, Microsoft's advisory said that OS wasn't “currently at risk from these attacks.”

Ormandy's security advisory bulletin has reignited the age-old debate over full disclosure, in which researchers publish complete details of a security flaw under the belief that it is the best way to ensure a company fixes it rapidly.

Nevertheless, Ormandy has defended his actions to give Microsoft just five days of advanced warning saying in a recent post “I'm getting pretty tired of all the five days hate mail. Those five days were spent trying to negotiate a fix within sixty days.”

And according to Sophos, researchers have seen the first case of a website using the same vulnerability to install malicious software on victim's PCs and workstations.

“This malware downloads and executes an additional malicious component (Troj/Drop-FS) on the victim’s PC by exploiting this vulnerability,” Sophos warned.

Users of Microsoft's XP and Server 2003 operating systems should consider disabling features within Help Center that allow admins to remotely log onto PCs and servers.

For individual users, the easiest way to do this is to use the online “Fixit” application Microsoft has provided with the OS.

Add to del.icio.us     Digg this

Source: Sophos.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.