Skip to main content

Microsoft prepares to plug Google-hyped holes

Troubled maker of software and one-time maker of mobile phones Microsoft has been crafting a plug with which to patch up two zero-day vulnerabilities in a fix to be released on this coming 'Patch' Tuesday.

The update will be labelled 'critical' on two fronts, one of which addresses the Windows Help and Support Centre vulnerability, which is being widely exploited after a Google researcher made a point of telling world about it.

Hackers have three days in which to make hay before the holes are patched and they have to wait for Google to uncover another one for them to have a poke about in.

Vole insecurity officer, Jerry Bryant, bogged that a further three patches will be forthcoming on Tuesday, making a grand total of five vulnerabilities to be plugged in the monthly update palaver.

The Windows Help Centre flaw, which affects XP and Server 2003 machines, was disclosed last month by Google researcher Tavis Ormandy in a move that miffed Microsoft and - we imagine - any users subjected to hack. Microsoft found in-the-wild exploits targeting the flaw on June 15, after confirming Ormany's findings

The other zero-day vulnerability affects the Canonical Display Driver, and has been known to be flapping enticingly open since May

This update will be the last to patch up Windows XP SP2.