2 Intern

1K Posts

July 2nd, 2010 19:00

Hackers Target XP Help & Support System.

This was taken from Jhan, a Comodo Forum member.

It seems that the Help & Support system built into the XP OS has a weakness capable of being exploited by hackers. It was reported by Google engineer Tavis Ormandy back on June 10, and although there were no attacks at first, thousands of systems have now been attacked. MS says that they are working on a patch, but it is better to manually disable the Help & Support for now.

 http://news.bbc.co.uk/2/hi/technology/10473495.stm

Regards and safe surfing.

3 Apprentice

15.5K Posts

July 3rd, 2010 05:00

Hernan,

thanks for this reminder.

I had reported the vulnerability at Dell 3 weeks ago, here: http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19335473.aspx

but it has "fallen" down a few pages on the forum listing (I will "bump" it to the top again, after I finish this reply).

the microsoft automated "fix it" #50549 can be found here  http://support.microsoft.com/kb/2219475

Note:   Be careful with the terminology here:   FixIt 50459  ENABLES the HelpCenter Fix... by DISABLING HCP Protocol.

I have implemented the work-around on at least two XP systems so far, and have not encountered any problems (so far??). In particular, the Help and Support Center can still be accessed via hitting the F1 key.

2 Intern

1K Posts

July 3rd, 2010 08:00

Thanks, David.

I have been busy. A little out of touch lately. Many things to read to keep up.

Regards.

2 Intern

2.5K Posts

July 3rd, 2010 11:00

1 - 10,000 PCs out of 500,000,000 = 0.02 percent

2 - XP is two versions old

3 - According to Trend Micro in the article, individuals are not keeping their AV up to date

I just do not see the issue!

3 Apprentice

20.5K Posts

July 3rd, 2010 19:00

"...customers using Microsoft Security Essentials, Microsoft Forefront Client Security, Windows Live OneCare, the Forefront Threat Management Gateway, and the Windows Live Safety Platform have had coverage for this exploit since June 10th through the following two antimalware signatures:

http://www.facebook.com/home.php?filter=nf#!/notes/microsoft-malware-protection-center/attacks-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885/409806793925

2 Intern

881 Posts

July 3rd, 2010 21:00

Unless your system falls into that .02%! There is no problem unless of course it happens to oneself, or a system that you are responsible for.

Jeff

2 Intern

2.5K Posts

July 3rd, 2010 22:00

The point was, it is no worse than many other things out there. It is a threat, but the world is not coming to an end.

3 Apprentice

15.5K Posts

July 4th, 2010 07:00

I believe the intent of this (and many other) thread(s that are posted in this forum) is

1) to alert people that a known vulnerability exists...  that in fact, it is currently being exploited; and

2) there is a simple-to-implement workaround available that will help mitigate the issue.

Users who are concerned may then choose to pursue the advice.   Users who are not concerned... or who believe they're impervious to attack (by virtue of their other defenses, safe-surfing, or omniscience), may choose to ignore it.

But KNOWLEDGE is always good.   Inform the multitudes, so that they may be able to decide for themselves.   [I'd be willing to bet that if this information wasN'T readily available to the general public, then the number of computers getting infected would be significantly greater.]

 

2 Intern

1K Posts

July 4th, 2010 10:00

Well said, ky331.

 

"But KNOWLEDGE is always good. Inform the multitudes, so that they may be able to decide for themselves."

Even though I missed your OP about this exploit, and the attack has been seen in about 10.000 machines, mostly in Europe (0.2%)???. There are still millions of XP OS around and the exploit is relatively new, less than 30 days old. The article said it well:

"Initially, said Microsoft, it only saw "innocuous" attacks by researchers attempting to replicate what Mr Ormandy had found."

"Real exploits turned up on 15 June and these have been enthusiastically adopted by hi-tech criminals."

I think it is better to be prepared than sorry later. I mean for us with old OS like XP.

Regards.

3 Apprentice

15.5K Posts

July 13th, 2010 12:00

The "official" fix is now available.

If you've applied the "work-around" fixit #50459, you should UNdo it by running fixit #50460.

Then apply today's Microsoft Update MS10-042 

2 Intern

1K Posts

July 13th, 2010 13:00

David.

Thank you for the update and the fix-it numbers, especially the UN-do # 50460.

Regards.
