Microsoft issues a security advisory in response to the publication by a Google employee of attack code for a zero-day vulnerability affecting Windows XP and Windows Server 2003.
The vulnerability, uncovered by Google engineer Tavis Ormandy, affects “the Windows Help and Support Center function that is delivered with Windows XP and Windows Server 2003,” Microsoft said. Other editions of the operating system are not impacted by the bug. So far, Microsoft has not seen any evidence the vulnerability is being targeted in the wild. However, attacks may be forthcoming since Ormandy’s code is public.