Slashdot Mirror


Miscreants Exploit Google-Outed Windows XP Zero-Day

CWmike writes "A compromised website is serving an exploit of the bug in Windows' Help and Support Center, identified by a Google engineer last week, to hijack PCs running Windows XP. Graham Cluley, a senior technology consultant at antivirus vendor Sophos, declined to identify the site, saying only that it was dedicated to open source software. 'It's a classic drive-by attack,' said Cluley. The tactic was one of two that Microsoft said last week were the likely attack avenues. (The other was convincing users to open malicious e-mail messages.) The vulnerability was disclosed last Thursday by Google security engineer Tavis Ormandy, who also posted proof-of-concept attack code. Ormandy defended his decision to reveal the flaw only five days after reporting it to Microsoft. Cluley called Ormandy's action 'utterly irresponsible,' and in a blog post asked, 'Tavis Ormandy — are you pleased with yourself?'"

3 of 497 comments (clear)

  1. Nice quote. by ArbitraryDescriptor · · Score: 5, Funny

    Graham Cluley, a senior technology consultant at antivirus vendor Sophos, declined to identify the site, saying only that it was dedicated to open source software.

    Ballmer should be able to spin that into a win: "To be safe, all XP users are advised to avoid open source software stuff. It has viruses."

  2. JUNE 15th... by mbeckman · · Score: 4, Funny

    A day that will live in Ormandy.

  3. The elephant in the room by Ironchew · · Score: 4, Funny

    Graham Cluley...declined to identify the site, saying only that it was dedicated to open source software.

    Begging the question: was it Slashdot?
    [/humor]