A security vulnerability in Microsoft Windows XP systems that was first disclosed a week ago is now being actively exploited by malicious Web sites to foist malware on vulnerable PCs, according to reports.
Last week, Google researcher Tavis Ormandy disclosed the details of a flaw in the Microsoft Help & Support Center on Windows XP and Server 2003 systems that he showed could be used to remotely compromise affected systems. Today, experts at security firm Sophos reported that they’re seeing the first malicious and/or hacked sites beginning to exploit the bug.
If you use Windows XP and have not yet taken Microsoft up on its suggestion to disable the vulnerable Help & Support Center component, please consider taking a moment to do that today. Until Microsoft issues an official fix for this flaw, the workaround they suggest is an easy and apparently painless one. The instructions are available at this link.
Update, June 17, 9:20 a.m. PST: Updated post to include link to Microsoft “FixIt” tool.