If you are the owner of Windows XP or Windows Server 2003 you are at risk of a pretty significant hack – at least for the time being.
It’s an attack on the “Windows Help Center”. The bad news about this attack is that some unwitting, or perhaps witting, genius at Google published how someone can execute the attack without considering the risk he was exposing all XP users to. The fellow’s name is Tavis Ormondy, a Google security researcher. Come on Tavis – use some common sense and do the right thing. As a result of his error in judgement systems in Europe are experiencing a significant peak in hacks. The U.S. may be next.
So, right now, as of today, if you are using Windows XP or running a Windows Server 2003 for your business you are at risk. If you visit a web site that is exploiting the security hole your machine could be in big trouble – which is why I’m writing this article – to get the word out.
The vulnerability exists in the Windows “Help Center”. Yes – the same one that provides automated updates. I won’t bore you with the details but you can download a temporary fix that will protect you from attack but it is not a permanent fix. My understanding is that the download will also disable some help center functionality. But I recommend you do it as soon as possible. You can download the fix at http://www.microsoft.com/technet/security/bulletin/MS10-042.mspx.
This is probably a pretty good time to upgrade to Windows 7 if you’ve been thinking about it. My understanding is that a permanent fix could be as long as 2 months away – due to testing and all of the other stuff involved in a release.
Here is an informative Computer World article on the subject: http://www.computerworld.com/s/article/9178084/Hackers_exploit_Windows_XP_zero_day_Microsoft_confirms