More than 25,000 computers in more than 100 regions across the globe have reportedly been attacked in the last few weeks. The attacks exploit a flaw in the Support system of Microsoft operating systems. Last month, a security engineer from Google found a zero-day flaw that specifically affects Microsoft's Windows XP and 2003 operating systems. Microsoft has urged its users to patch the Support Center flaw.
The security engineer, Tavis Ormandy, identified a flaw in the Windows Help and Support Center. The flaw is easily reached through the 'hcp://' protocol handler. An attacker who exploits the flaw correctly can gain full access to a PC running the Windows XP or 2003 operating systems. According to Tavis Ormandy, the attack is enhanced against Internet Explorer versions greater than or equal to 8, and also against other web browsers, if Windows Media Player is available on the system. Even without Windows Media Player, the installation is vulnerable. Systems running lower versions of Internet Explorer face a greater threat. According to Ormandy, unregistering the hcp protocol will shut down important functions of the Windows OS. It is possible to disable all local as well as legitimate help links if one exploits the flaws in the Help and Support Center. One can disable the links in the Control Panel using the flaw in the Support Center.
Microsoft has criticized Tavis Ormandy for publicly disclosing the flaw. According to Microsoft, public disclosure of the flaw in the Help and Support Center of the Windows operating system has made the attacks more serious. Moreover, Ormandy publicly disclosed the details needed to exploit the flaw, which made things even more difficult for Microsoft. Microsoft had to rush to fix the flaw. In addition, the disclosure increased the possibility of more attacks on Windows operating systems. Microsoft has, however, confirmed that Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are not vulnerable. Tavis Ormandy, on the other hand, regrets his decision to publicly disclose the full details of the flaw. It is worth stating here that Tavis Ormandy is the same person who published flaws in Java that Oracle was declining to patch in April 2010.
Microsoft's Malware Protection Center (MMPC) confirmed more than 10,000 attacks due to the flaw in the Support Center a few weeks back. Microsoft confirmed that the signatures it had built into its protection products detected the automated attacks. The attacks kept increasing and changed their pattern over time. More than 25,000 systems had reported attacks by 12 July 2010. Russia and Portugal confirmed the largest number of targets, but the UK has seen an increase in the number of attacks in the past few days. MMPC Threat Research has stressed the importance of applying the update for the Help and Support Center flaw that Microsoft has made available. The update is critical and needs to be applied immediately to Windows XP and 2003 servers.