KrebsOnSecurity reports “Microsoft is warning that hackers have ramped up attacks against an unpatched, critical security hole in computers powered by Windows XP and Server 2003 operating systems. The software giant says it is working on an official patch to fix the flaw, but in the meantime it is urging users to apply an interim workaround to disable the vulnerable component.” Microsoft issued a statement last week saying the pace of attacks against Windows users had picked up, and that more than 10,000 distinct computers have reported seeing this attack at least one time.
The following graphic from Krebs’ blog shows both the daily number of attacks and the cumulative distinct PCs being attacked. As can be seen, peak attacks occurred during the six days from June 22 until June 27.
IT Departments running Windows XP or Server 2003 need to consider running Microsoft’s stopgap “FixIt” tool to disable the vulnerable Help Center component. Users running Windows XP should consider doing this as well. To do so, click this link, then click the “FixIt” button in the middle of the page under the “enable this fix” heading.