Google Researcher's Windows XP Hack Used by Criminals

A Windows XP vulnerability first reported by Google researcher Tavis Ormandy has been actively exploited by hackers to deliver malware.

The flaw, which affects Windows XP and Windows Server 2003 when the HCP protocol is enabled, could allow hackers to execute commands on the victim's system.

Microsoft has maintained that the flaw is a minor one, but has urged users to download a one-click fix-it tool to rectify the problem until a proper patch for the flaw is released.

The defect was first identified Google's senior security researcher Ormandy last week. At the time, he provided a detailed description about the vulnerability through a public e-mail list.

Ormandy claims he tried for five days to explain to Microsoft the need for a patch to fix the vulnerability, but when they refused he decided to publish a detailed explanation on how to exploit the vulnerability, hoping that this would prompt the company to act.