Hackers are exploiting the vulnerability disclosed last week in the Windows Help and Support Center functions for Windows XP and Windows Server 2003. In a traditional drive-by attack a website has been compromised to serve an exploit, which can hijack computers running Windows XP.
Symantec has received about 300 pings from in-field products globally in more than 20 countries. This has a severity of around six or seven, when using a scale of one to ten, with ten being the most severe. We expect this severity to continue to rise while the issue is unpatched from Microsoft. Microsoft said the exploit has since been removed from the site. However, they expect additional exploitation due to the public disclosure of the details.
Read the rest of this entry »