For those of us that still use or have XP loaded...
******* exploit Windows XP zero-day, Microsoft confirms
Computerworld - ******* are now exploiting the zero-day Windows vulnerability that a Google engineer took public last week, Microsoft confirmed today.
Although Microsoft did not share details of the attack, other researchers filled in the blanks.
A compromised Web site is serving an exploit of the bug in Windows' Help and Support Center to hijack PCs running Windows XP, said Graham Cluley, a senior technology consultant at antivirus vendor Sophos. Cluley declined to identify the site, saying only that it was dedicated to open-source software.
"It's a classic drive-by attack," said Cluley, referring to an attack that infects a PC when its user simply visits a malicious or compromised site. The tactic was one of two that Microsoft said last week were the likely attack avenues. The other: Convincing users to open malicious e-mail messages.
According to Microsoft, the exploit has since been scrubbed from the ****** Web site, but it expects more to surface. "We do anticipate future exploitation given the public disclosure of full details of the issue," said Jerry Bryant. Microsoft's group manager of response communications.
The vulnerability was disclosed last Thursday by Tavis Ormandy, a security engineer who works for Google. Ormandy, who also posted proof-of-concept attack code, defended his decision to reveal the flaw only five days after reporting it to Microsoft -- a move that Microsoft and other researchers questioned.
Source ******* exploit Windows XP zero-day, Microsoft confirms - Computerworld
Tool/fix provided - Microsoft Fix It
Yes I know this is a Seven forum but some of us still keep XP around, even if we don't use it ;)
And let's not forget "XP Mode with Virtual PC" :)