Microsoft: Attacks on Unpatched Windows Flaw
Brian Krebs writes on Security Fix:
Microsoft warned today that hackers are targeting a previously unknown security hole in Windows XP and Windows Server 2003 systems to break into vulnerable PCs. Today's advisory includes instructions on how to mitigate the threat from this flaw.More here.
In a security alert posted today, Microsoft said the vulnerability could be used to install viruses or other software on a victim's PC if the user merely browsed a hacked or booby trapped Web site designed to exploit the security hole. Redmond says at this time it is aware of "limited, active attacks that exploit this vulnerability."
Microsoft doesn't define "limited, active" attacks in the context of this vulnerability, but the SANS Internet Storm Center is reporting that thousands of newly compromised Web sites have been seeded with code that exploits this vulnerability. SANS also says instructions for exploiting the vulnerability have been posted to a number of Chinese Web sites.