Last month Google engineer Travis Ormandy revealed a flaw in the Windows Help and Support Center in Windows XP. Reports indicated that he contacted Microsoft on June 5 about the issue, however Ormandy claimed on his Twitter page that he couldn't convince Microsoft to fix the issue within sixty days. Taking matters into his own hands, the Google engineer went public with his findings.
With the exploit out in the open, Windows XP users are now getting hit by attacks. Holly Stewart of the Microsoft Malware Protection Center said that they have logged more than 10,000 attacks since news of the exploit went live. The largest targets in terms of attack volume have been the United States, Russia, Portugal, Germany, and Brazil, however PCs located in Russia and Portugal have received a high concentration.
"At first, we only saw legitimate researchers testing innocuous proof-of-concepts," she said. "Then, early on June 15th, the first real public exploits emerged. Those initial exploits were targeted and fairly limited. In the past week, however, attacks have picked up and are no longer limited to specific geographies or targets, and we would like to ensure that customers are aware of this broader distribution."
In a recent statement Symantec said that the attacks really peaked last week. "Symantec has seen increased activity around this vulnerability. The increased activity started around June 21 and peaked around June 26 and 27," the security vendor said.
Microsoft issued a security advisory on June 10, and was last updated on June 15. It provides a workaround for now, outlining ways to turn off the Windows Help Center Protocol (HCP). Although Microsoft is slated to release security updates on July 13, it's unknown whether the update will address the current HCP issue.