Microsoft on Tuesday released four Security Bulletins to address five security vulnerabilities, the most serious of which could allow an attacker to take full control over a vulnerable Windows computer.
Among the fixes is a patch for a critical vulnerability in the Windows Help and Support Center, a feature designed to provide assistance to users. This vulnerability was irresponsibly disclosed to the public by Google employee Tavis Ormandy prior to Microsoft providing a fix. Cybercriminals have already taken advantage of the vulnerability and exploited it to attack Windows users. (http://www.microsoft.com/technet/security/Bulletin/MS10-042.mspx)
"McAfee Labs has seen malware in the wild that exploits this 0-day vulnerability," said Dave Marcus, research and communications director for McAfee Labs. "Security researchers need to work closely with software vendors to ensure vulnerabilities are patched in the most expedient method and timeline possible, without putting users at risk."
In addition to the patches, Microsoft today officially ended support for Windows XP Service Pack 2. This means that computers running Windows XP with SP2 will no longer get security updates from Microsoft.
"Many enterprises and consumer users still deploy and depend heavily on applications that run on this Windows build. It is unclear how much risk and expense the end of support will cause users worldwide but we expect cybercriminals to capitalize on this opportunity," said Marcus. "Users of Windows XP SP2 should consider migration options and robust security solutions to mitigate risk."
McAfee recommends that users install Microsoft's patches as soon as possible. Home users should use Windows Automatic Updates. Business users need to have a risk management strategy in place to prioritize the patches.
McAfee provides enterprises with endpoint and network-based security technology as well as risk and compliance tools to shield against cyber attacks and allow organizations to patch on their own time.