Older Windows holed

Flapping in the wind

An insecurity expert has has discovered  a vulnerability in older versions of Windows which pesky attackers could exploit to take over control of your PC.

Somewhat ironically, the vulnerability afflicts the Help and Support Center for Windows XP and Server 2003, which users may still  - just about  - be able to use to get online technical support.

In an advisory published yesterday, researcher Tavis Ormandy wrote that hackers could use a web page to run dodgy commands using the remote assistance tool, which tech support staff would use to guide flummoxed users through a problem with their PC.

"Upon successful exploitation, a remote attacker is able to execute arbitrary commands with the privileges of the current user," Ormandy wrote.

Orrmandy said he'd alerted Microsoft's virtual bouncers to the presence of the vulnerability last Friday.

"I've concluded that there's a significant possibility that attackers have studied this component, and releasing this information rapidly is in the best interest of security," he wrote, justifying his exposure of  the bug.

In a statement, Microsoft confirmed it was aware of the issue. "Microsoft is investigating public disclosure of a vulnerability affecting Windows XP and Windows Server 2003,” spokesman Jerry Bryant wrote.

“We will release more information as we determine the extent of the issue based on our investigation."