[ISN] Hackers exploit Windows XP zero-day, Microsoft confirms

From: InfoSec News <alerts_at_private>
Date: Wed, 16 Jun 2010 00:24:11 -0500 (CDT)
http://www.computerworld.com/s/article/9178084/Hackers_exploit_Windows_XP_zero_day_Microsoft_confirms

By Gregg Keizer
Computerworld
June 15, 2010 

Hackers are now exploiting the zero-day Windows vulnerability that a 
Google engineer took public last week, Microsoft confirmed today.

Although Microsoft did not share details of the attack, other 
researchers filled in the blanks.

A compromised Web site is serving an exploit of the bug in Windows' Help 
and Support Center to hijack PCs running Windows XP, said Graham Cluley, 
a senior technology consultant at antivirus vendor Sophos. Cluley 
declined to identify the site, saying only that it was dedicated to 
open-source software.

"It's a classic drive-by attack," said Cluley, referring to an attack 
that infects a PC when its user simply visits a malicious or compromised 
site. The tactic was one of two that Microsoft said last week were the 
likely attack avenues. The other: Convincing users to open malicious 
e-mail messages.

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com
Received on Tue Jun 15 2010 - 22:24:11 PDT

This archive was generated by hypermail 2.2.0 : Tue Jun 15 2010 - 22:32:30 PDT