Hackers Go For Systems With Unpatched XP Bug

     
1:25 pm on Jul 1, 2010 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22318
votes: 240


Hackers Go For Systems With Unpatched XP Bug [news.bbc.co.uk]
Hi-tech criminals are "escalating" attacks on an unpatched bug in the Windows XP help and support system.

Microsoft said it had seen more than 10,000 machines hit by the attack that, so far, it has not found a fix for.

Windows PCs falling victim will have control of that machine handed over to attackers.

Microsoft said the attacks had gone from theoretical to real very quickly and urged users to take steps to protect themselves.

Attacks on the Windows Help and Support Center Vulnerability (CVE-2010-1885) [blogs.technet.com]
1:50 pm on July 1, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 17, 2004
posts:1354
votes: 0


No fix yet? Microsoft better get their act together then!
2:33 pm on July 1, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 20, 2004
posts:2377
votes: 0


I have a dual-boot system (Linux and XP). I have my networking disabled in XP. I literally only boot XP if I have to for my QuickBooks software (a few times a year).

I know I may sound crazy, but I'm afraid to be logged on to the internet while in XP. I've had too many issues in the past.
4:08 pm on July 1, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 2, 2003
posts:3710
votes: 0


You have to admire Microsoft - they even make the workaround vastly more complicated than necessary!

Simply rename the registry key HKEY_CLASSES_ROOT\HCP to something like HKEY_CLASSES_ROOT\HCP_

When the fix is released and installed, restore the key name.

Kaled.
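
The rename-and-restore workaround from the post above, as an added PowerShell example that is not part of the original thread or of Microsoft's advisory. It assumes an elevated session; the function names and the backup file location are hypothetical choices made for this example.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
$Root      = 'Registry::HKEY_CLASSES_ROOT'
$LiveKey   = 'HCP'     # key that registers the hcp:// protocol handler
$ParkedKey = 'HCP_'    # parked name suggested in the post

function Get-HcpState {
    # Report which of the two key names currently exists.
    $hasLive   = Test-Path "$Root\$LiveKey"
    $hasParked = Test-Path "$Root\$ParkedKey"
    if ($hasLive -and $hasParked) { return 'Conflict' }
    if ($hasLive)   { return 'Enabled' }
    if ($hasParked) { return 'Disabled' }
    return 'Missing'
}

function Disable-HcpHandler {
    $state = Get-HcpState
    if ($state -eq 'Disabled') { return 'Already disabled' }
    if ($state -ne 'Enabled')  { throw "Cannot disable: state is $state" }
    # Export first so the key survives an interrupted rename.
    # Backup location and file name are assumptions of this example.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $env:USERPROFILE "hcp-backup-$stamp.reg"
    & reg.exe export "HKEY_CLASSES_ROOT\$LiveKey" $backup | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup failed; key left untouched' }
    Rename-Item -Path "$Root\$LiveKey" -NewName $ParkedKey
    return "Disabled (backup: $backup)"
}

function Restore-HcpHandler {
    # Run after the vendor fix is installed, as the post advises.
    $state = Get-HcpState
    if ($state -eq 'Enabled')  { return 'Already enabled' }
    if ($state -ne 'Disabled') { throw "Cannot restore: state is $state" }
    Rename-Item -Path "$Root\$ParkedKey" -NewName $LiveKey
    return 'Restored'
}

Get-HcpState   # prints the current state without changing anything
```

The `Conflict` state covers the case where an update recreates `HCP` while `HCP_` still exists, so the restore step refuses to overwrite a freshly installed key.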
5:44 pm on July 1, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member

joined:Apr 14, 2010
posts:3169
votes: 0


In addition to the mitigations listed in the advisory, customers using Microsoft Security Essentials, Microsoft Forefront Client Security, Windows Live OneCare, the Forefront Threat Management Gateway, and the Windows Live Safety Platform have had coverage for this exploit since June 10th through the following two antimalware signatures:

* Exploit:Win32/CVE-2010-1885.A
* Exploit:Win32/CVE-2010-1885.gen
Signature builds 1.83.1561 and later contain both signatures.

Payloads are detected by the signatures mentioned above.
7:21 pm on July 1, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 30, 2006
posts:1599
votes: 1



Microsoft Security Essentials


That is what I use and I find it better than any 3rd party solution.
7:00 pm on July 2, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 19, 2003
posts:701
votes: 0


Kaled, thanks for that tip, which makes perfect sense as a temporary 'fix'.