According to foreign media reports, Microsoft confirmed on Tuesday that hackers have begun to take advantage of the zero-day Windows XP vulnerability announced last week by Google engineers. Although Microsoft did not disclose too much details, other researchers provided relevant information. Graham Cluley, Senior Technical Consultant of Network Security Company Sophos, said hackers have tampered with a website and used the vulnerability to attack Windows XP users, however, he did not disclose the website information.
Kruli said that Windows XP users can be infected as long as they access websites with malicious code. This is one of the two attack methods announced by Microsoft. Another way is to spread malicious code by email.
Microsoft said the hacked website has deleted malicious code, but more attacks may occur in the future. Jerry Bryant, general manager of Microsoft's security response center, said: "As the complete details of this issue have been published, we expect more attacks in the future ."
Google's security engineer Tavis Ormandy disclosed Microsoft's security vulnerability last Thursday and announced a series of "proof-of-concept) attack code. However, Ormandy said that he had reported the vulnerability to Microsoft five days ago, but the vulnerability was still challenged by Microsoft and other researchers.
Google announces ahead
Kruli said in his blog that omandi's behavior was "totally irresponsible ". He said: "five days is not enough for Microsoft to develop a patch. Microsoft needs to perform a thorough test to ensure that no more problems are generated to fix this vulnerability ."
Ormandy told Twitter last week that he announced the vulnerability because Microsoft did not promise to fix it within 60 days. Microsoft confirmed that the company team had discussed the patch release time with ormandi.
Microsoft released a security suggestion for the vulnerability last Thursday. In addition to recognizing the existence of the vulnerability, it also provided a temporary solution to help users prevent attacks. The next day, a tool was released to automatically cancel the HCP protocol processor. Microsoft said that this action can help users block attack channels before the release of security patches.
Kruli said that the attack code currently used by hackers is very similar to the "concept Verification" attack code provided by Ormandy. Other security experts believe that this is entirely expected.
Microsoft said that although Windows Server 2003 also contains this vulnerability, the system is currently not threatened by related attacks.
According to the general plan, Microsoft's next patch release date is July 13, but it will continue to break the general rule in emergencies. However, Microsoft did not comment. "We will continue to monitor the threat situation and release the latest information through our blog and Twitter," he said ."