Slashdot Mirror


Miscreants Exploit Google-Outed Windows XP Zero-Day

CWmike writes "A compromised website is serving an exploit of the bug in Windows' Help and Support Center, identified by a Google engineer last week, to hijack PCs running Windows XP. Graham Cluley, a senior technology consultant at antivirus vendor Sophos, declined to identify the site, saying only that it was dedicated to open source software. 'It's a classic drive-by attack,' said Cluley. The tactic was one of two that Microsoft said last week were the likely attack avenues. (The other was convincing users to open malicious e-mail messages.) The vulnerability was disclosed last Thursday by Google security engineer Tavis Ormandy, who also posted proof-of-concept attack code. Ormandy defended his decision to reveal the flaw only five days after reporting it to Microsoft. Cluley called Ormandy's action 'utterly irresponsible,' and in a blog post asked, 'Tavis Ormandy — are you pleased with yourself?'"

7 of 497 comments (clear)

  1. Nice quote. by ArbitraryDescriptor · · Score: 5, Funny

    Graham Cluley, a senior technology consultant at antivirus vendor Sophos, declined to identify the site, saying only that it was dedicated to open source software.

    Ballmer should be able to spin that into a win: "To be safe, all XP users are advised to avoid open source software stuff. It has viruses."

  2. Unbelieviable by Jean-Luc+Picard · · Score: 3, Funny

    A security flaw being exploited, via the Internet no less ! I am shocked and outraged ! /s

  3. Let me get this straight... by pem · · Score: 3, Funny

    Google is supposed to learn morals from Microsoft and its toadies?

  4. JUNE 15th... by mbeckman · · Score: 4, Funny

    A day that will live in Ormandy.

  5. The elephant in the room by Ironchew · · Score: 4, Funny

    Graham Cluley...declined to identify the site, saying only that it was dedicated to open source software.

    Begging the question: was it Slashdot?
    [/humor]

  6. Re:Ormandy did excercise responsible disclosure by Barny · · Score: 3, Funny

    I will not fear, fear is the mind killer, fear is the little death that brings total oblivion...

    I will not fear, fear is the mind killer, fear is the little death that brings total oblivion...

    I will not fear, fear is the mind killer, fear is the little death that brings total oblivion...

    I will not fear, fear is the mind killer, fear is the little death that brings total oblivion...

    --
    ...
    /me sighs
  7. Re:Dear Microsoft by mcrbids · · Score: 2, Funny

    Cite: TFA.

    What is this "TFA" of which you speak?

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.