Controversial Windows XP vulnerability now being exploited

The flaw allows remote code execution on victims' PCs

The Windows XP vulnerability that was published by a Google engineer last week is now being exploited in the wild, according to researchers at Sophos Labs.

The vulnerability, which could allow remote code execution if a user views a specially crafted Web page using a Web browser, or clicks a specially crafted link in an e-mail message, was published by Tavis Ormandy just five days after he alerted Microsoft to the problem.

Sophos reported Tuesday that its labs received the first proactive detection of malware that is spreading via a compromised Web site. "This malware downloads and executes an additional malicious component (which will shortly be detected as Troj/Drop-FS) on the victim's computer, by exploiting this vulnerability," according to a blog post on the Sophos site.

Ormandy's publication of the vulnerability's details has been the subject of much criticism in the last week. Ormandy, who said the exploit is possible through most browsers, posted details of the vulnerability and proof-of-concept code to the Full Disclosure listserv -- only days after giving Microsoft the information.

Many said that with his publication, Ormandy had ignored the rules of responsible disclosure of security vulnerabilities. Ormandy said he went public with the information because he believed his discovery would have otherwise been dismissed by Microsoft.

This story, "Controversial Windows XP vulnerability now being exploited" was originally published by CSO.
