Google researcher gives Microsoft 5 days to fix XP zero-day bug
Posted on: 06/10/2010 09:32 PM

Computerworld posted a story that a Google engineer today published attack code that exploits a zero-day vulnerability in Windows XP

Google researcher gives Microsoft 5 days to fix XP zero-day bug


According to Tavis Ormandy, a security engineer who works for Google in Switzerland, hackers can leverage a flaw in Windows' Help and Support Center, which lets users easily access and download Microsoft help files from the Web and can be used by support technicians to launch remote support tools on a local PC.

Ormandy posted details of the vulnerability and proof-of-concept attack code to the Full Disclosure security mailing list early Thursday. "Upon successful exploitation, a remote attacker is able to execute arbitrary commands with the privileges of the current user," Ormandy wrote.



Printed from NT Compatible (https://www.ntcompatible.com/news/story/google_researcher_gives_microsoft_5_days_to_fix_xp_zero_day_bug.html)