Over 10,000 XP machines attacked by unpatched vulnerability

By on July 1, 2010, 8:36 PM
Users of Windows XP may want to double down on security until Microsoft deals with a recently identified flaw (CVE-2010-1885). A Google engineer found the hole last month and at first, Microsoft said it only saw "legitimate researchers testing innocuous proof-of-concepts" but it didn't take long for malicious hackers to prey on the vulnerability.

The hole apparently lies in the Windows Help and Support Center software that is included with Windows XP. Attackers are using various methods to take advantage of the bug, and payloads vary greatly. Microsoft has released a list of some of the payloads detected so far. Most are Trojans, and you can find the list toward the end of this blog post.

To date, Microsoft believes over 10,000 separate machines have been attacked at least once by means of the flaw. Those systems are scattered all around the globe, with attacks logged in about 20 countries. The largest number of attacks are taking place in Portugal and Russia about ten times the global average (where the US sits), to be precise.

According to the security advisory posted for CVE-2010-1885, Windows XP SP2 and SP3, Windows XP Professional x64 SP2, Windows Server 2003 SP2, Windows Server 2003 x64 SP2, and Windows Server 2003 with SP2 for Itanium-based systems are all affected. However, in the executive summary, Microsoft says Windows Server 2003 systems are not currently at risk.

The company is working on a fix and may release an out-of-band patch, but until then, users can use a one-click Fix-It tool to disable the Help Center. You can also delete HPC manually by following the brief instructions posted under "Workarounds" on the Security Advisory page, and be sure to create a backup as directed.

User Comments: 11

Got something to say? Post a comment
Guest said:

With this issue and the Conficker or Downadup Worm of rescent past, it may pay for Microsoft to start investigating their own workforce. The word gets on the streets too quickly for this to be some anonymous prankster. It seems as soon as a vulnerability is discovered, there is something there to take advantage of it.

Kibaruk Kibaruk, TechSpot Paladin, said:

@Guest: That is a really stupid comment.

You know there are groups, even contests where normal people get paid to breach or find bugs for their software? You really think that microsoft knowing of the flauds would just put it out so they get bad reputation (They DO care believe it or not, specially with all the cheers open-source is getting nowadays)?

Darkshadoe Darkshadoe said:


Guest's response isn't stupid at all. It is quite possible Microsoft could put a virus out there to try to get people to switch to Win7. They aren't making money off of Xp anymore and its not like any company never resorted to dirty tactics to increase profit. Until the facts are known, all any of us can do is guess what happened. It could be a disgruntled MS employee for all we know.

Guest said:

Really! You think that all the employees at Microsoft, some 30-40,000 employees are so satisfied with their job that they wouldn't dream of moonlighting or, even sabotage? Be for real. I'm certain that there is at least one who thinks they can teach someone a little something about security in the Microsoft line of software. Like I said before, the word of the XP vulnerability was out with code to take advantage of this within a month of its discovery. How long has XP been out? Since October 2001, XP has been available and just now they discover this. And within the month, the code is out to take advantage of it. Same thing applies with the Conficker Worm. Microsoft discovered a flaw in their code and thus, came up with the update MS08-067 to patch it. Well, the Conficker Worm arrived on the scene just as the patch was put out. While the antivirus gurus were doing battle with this worm; with the help of Microsoft, they discovered that it was encrypted with 512-bit encryption. When the author of the Worm realized that they were on to his code, it was changed to MD6 encryption which was still incomplete and still in experimental stage and it uses 4096 bit encryption. So, all I am saying is someone at Microsoft may be a little disgruntled or leaking it out or, they have some shady accomplices and maybe Microsoft should look into it.

raybay said:

Right. It only takes one.

Guest said:

@ Guest: Maybe it's you? LOL Sorry couldn't resist.

tengeta tengeta said:

10,000 machines? Seems less than the iPad issue, but thats just me, a Microsoft fanboy.

Reloader2 said:

@Guest you watch to many films...

DP9225 said:

And you look at the world through rose colored lenses.

Kibaruk Kibaruk, TechSpot Paladin, said:

Indeed... seems like you watch too many films...

So, if they have to change from their OS and costumers are not satisfied with Microsoft, what makes you think they will go and pay more money for another Windows when they can easily switch to some linux distro like Ubuntu, most (Most as the other huge percent of population who only use computers to check mail, the web, and so) of computer users don't even need that much, specially with Chrome OS comming microsoft needs to be at peace with customers.

To those who think in 1 people making a bug so everyone gets screwed... think in Betas, in RC, and all the other stages that are before them. Too many films...

TJGeezer said:

I like to blame the movies too. In fact, it's probably all Mel Gibson's fault. Him, or all those teenage immigrant welfare mothers on drugs.

Seriously, I doubt Microsoft would intentionally put out bugs that could cause its users all kinds of grief. What's a little harder to explain is why, after trumpeting its own hard focus on system and data security for so song, Microsoft classified the bug as a proof of concept nothing, no problem here, move along folks, for a whole month. And now that the horse is out, it's scrambling to shut the barn door. Don't see how that makes any kind of sense.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.