Security 10748 Published by

Computerworld posted a story that a Google engineer today published attack code that exploits a zero-day vulnerability in Windows XP



According to Tavis Ormandy, a security engineer who works for Google in Switzerland, hackers can leverage a flaw in Windows' Help and Support Center, which lets users easily access and download Microsoft help files from the Web and can be used by support technicians to launch remote support tools on a local PC.

Ormandy posted details of the vulnerability and proof-of-concept attack code to the Full Disclosure security mailing list early Thursday. "Upon successful exploitation, a remote attacker is able to execute arbitrary commands with the privileges of the current user," Ormandy wrote.
  Google researcher gives Microsoft 5 days to fix XP zero-day bug