It didn't take long for digital ne'er-do-wells to actively exploit a new Windows XP flaw discovered by a Google engineer last month. In a blog post on Wednesday, Microsoft said some 10,000 "distinct computers" have fallen prey to the attack.
"At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said. "Those initial exploits were targeted and fairly limited. In the past week, however, attacks have picked up."
Microsoft also said the attacks are no longer limited to specific geographies, noting outbreaks in Portugal, Russia, Croatia, Germany, Spain, Greece, Turkey, Saudi Arabia, Brazil, and several others, including the United States.
The exploit involves a vulnerability in the Windows Help and Support Center software that comes with Windows XP. In short, the attack is being used to download various malware, as well as a piece of software called Obitel that...downloads more malware. Go figure.
Microsoft has acknowledged that it is aware of a zero-day vulnerability in the HCP protocol. It learned about the threat on June 5, 2010 from Google security engineer Tavis Ormandy, who barely waited four more days before making the details of the threat public, complete with his proof-of-concept exploit code.
Microsoft took a dim view of Ormandy’s eagerness to make a public disclosure. “Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk,” wrote Mike Reavey, director of the Microsoft Security Response Center, in a blog post.
Reavey also criticized Ormandy for not being thorough in his analysis: “It turns out that the analysis is incomplete and the actual workaround Google suggested is easily circumvented.”
The vulnerability is known to affect Windows XP and Windows Server 2003 only. Microsoft is currently working on a fix. In the interim, users can protect themselves by unregistering the HCP protocol as described in Microsoft Security Advisory 2219475.
If you prefer your netbooks in the Windows XP flavor, you might want to plan ahead and buy a six pack. Starting this coming October, Microsoft will no longer allow manufacturers to install XP on netbooks. Microsoft has previously alerted OEMs to this, but took the opportunity this week to remind everyone.
Microsoft went out of its way to optimize Windows 7 for netbooks, and most users seem to be fine with the newer OS. The number of Windows 7 netbooks has been increasing steadily while XP machines are declining, though there are still a number of XP netbooks being sold.
OEMs are rumored to be paying about $50 per Windows 7 license, as opposed to a mere $15 for XP. We can see why they'd want to continue offering XP on some machines, given the famously low profit margins on netbooks. Do you still want XP on your netbooks?
I have Windows 7 Home Edition 64-bit. When I download pictures from the Internet, I want to save them to a specific folder—let’s call it ABC. I right-click the picture and select Save Picture As. Then Windows Explorer sends me to Libraries\Picture Library. I then navigate to ABC folder and click it, then click Save. I right-click the second picture, but I’m sent back to the pictures library! The save dialog in Windows XP would open right at the last directory I saved photos to, so I didn’t have to click back to the ABC folder every time. Why won’t Windows 7 do the same?
Security software firm McAfee apologized last week for issuing an update to the company's corporate antivirus suite that caused the scanner to identify a benign file in Windows XP machines as a virus. The screw up, which mainly affected XP SP3 rigs, had IT departments scrambling to repair and restore machines that had crashed.
"First off, I want to apologize on behalf of McAfee and say that we're extremely sorry for any impact the faulty signature update file may have caused you and your organizations," said Barry McPherson, executive vice president of support and customer service, in a blog post.
McPherson went on to blame the situation on a recent change made to McAfee's QA environment that resulted in a faulty DAT making its way out of the company's test environment and onto customer PCs.
McAfee didn't disclose how many computer systems were affected, though some estimates put the number in the thousands. The timing is especially bad for McAfee, as the company's consumer-oriented internet security suite seemed to have turned a corner with this year's release, earning an 8 verdict in our recent 10-man security shootout.
Some details are leaking out regarding antivirus maker McAfee's assessment of yesterday's buggy update to its corporate security software. The update caused Windows XP machines to crash left and right. The confidential documents were sent to Ed Bott, and paint a picture of poor quality control. The anonymous sender of the email says the error was totally preventable.
The document itself seems to indicate that steps in the testing process were not followed. McAfee requires peer-review of all DAT update files, and apparently that didn't happen. They also inexplicably failed to test the update with Windows XP SP3, the operating system affected by the bug. Just as a reminder, this is an enterprise product. You'd expect special attention to be paid to the QC process.
It's a little telling that McAfee's website has not been updated with any details on the error. Could it be they are working on a way to spin this unflattering evidence into a bad news/good news statement? Businesses definitely are suffering financially from this incident which will likely require techs to make a visit to each and every affected PC. Any reports from the field? Are you seeing clean-up efforts proceed as planned?
Users of McAfee's corporate antivirus product found themselves wrestling with some pretty serious problems today. The most recent DAT update for the antivirus suite caused the scanner to identify the benign Windows svchost.exe file as a virus. The antivirus' course of action is clear; it deletes the file. The result is a lot of crashed PCs and unhappy IT departments. This isn't even the first time McAfee has had an error like this.
When the gravity of the situation was made clear, McAfee pulled the update from their servers and reiterated that it had only been pushed out to machines running the corporate edition of the software. The problem, according to McAfee, mainly affects PCs running XP SP3. Given that a lot of business environments still run on XP, that's a lot of potential machines.
McAfee has issued a "fix", but inexplicably, it only helps those who haven't yet had their machines crash after receiving the update. Currently, the only way for IT departments to fix the issue involves repairing the Windows install manually. Has anyone out there had any experience with this bug today?
Microsoft announced today that hardware level virtualization will no longer be required to run XP Mode on Windows 7. The change is effective immediately, but those already running XP Mode don’t need to get new copies. Any users on Windows 7 Professional or higher can download and run the new code regardless of hardware support.
The news that XP Mode would need hardware virtualization was a bit dismaying to some. It was often difficult to tell if a CPU had the correct features, and some surprisingly modern CPUs lacked them. The scale of the discontent led Microsoft to develop a way to run XP Mode without the BIOS-level virtualization.
If you’re on a Windows 7 system without hardware virtualization, you can get your free copy of XP Mode for 32-bit or 64-bit.
It’s a change that makes sense, and is probably long overdue. The current formatting standard for hard drives is a legacy from floppy disks--formatting in blocks of 512 bytes. This makes for a lot of wasted hard drive space, when error correction and block gaps are tallied in. Given the amount of space that can be wasted on a 1TB drive with 512 byte blocks, it’s time for a change.
The new standard, promulgated by the International Disk Drive Equipment and Materials Association (Idema), which all hard drive makers have committed to adopting, is a 4K block. Besides an eight-fold reduction of the amount of unused space, this standard doubles the amount of error correction per block. Hard drive makers can squeeze out more storage capacity on the same size hardware. Steve Perkins, a technical consultant for Western Digital, estimates the format to be about 7 percent to 11 percent more efficient.
Windows 7 (and Vista), along with Apple’s Tiger, Leopard, and Snow Leopard versions of OS X, and all builds of Linux released after September 2009 are 4K aware--they can handle the new formatting standard, no problem. But XP can’t. It’s stuck, permanently, in the 512 byte block world. Hard drive manufacturers know this, so they have built in emulation for the 512 byte block size. The emulation, however, can result in slower performance. David Burks of Seagate anticipates a 10% drop in performance for XP users.
It’s not a big hit, to be sure, but it is a start. With hardware development ongoing, and XP frozen in time, it’s not a matter of if XP will become obsolete, but when. That day, to the possible chagrin of some XP users, may be sooner than they'd like.
I love my PC, but it has just gone wacko! I keep getting this error on Windows XP: “Parser message: Value creation failed at line 544.”
I put my PC to sleep, but the message pops up repeatedly before it will sleep. Once it returns from sleep, the same message pops up five times, followed by the Classic startup screen. I don’t use the classic theme, but I couldn’t figure out what was going on so I just dismissed the error and kept playing the game I was playing. The next day the error was back. Help!