The Windows Help and Support Center vulnerability that was patched with yesterday's MS10-042 bulletin was under active attack by malware miscreants, especially in Europe where Microsoft tracked about 25,000 attempts to exploit the vulnerability.
According to Microsoft's Holly Stewart, the attacks escalated significantly when the company announced the issue would be fixed in this month's Patch Tuesday.
In a post on the Microsoft Malware Protection Center (MMPC) blog, Stewart said the attacks started a few weeks ago and have continued to expand, and that some new attack patterns have come into play.
The attacks that we have witnessed in the wild work only on Windows XP (not Windows 2003). Early on, we saw attackers incorporate code to single out Windows XP targets, but more recently the attackers have been less discriminant, attempting this attack on a variety of operating systems, about half of which were not susceptible because the exploit code could have only been successful on a vulnerable version of Windows XP.
As of midnight on July 12 (GMT), over 25,000 distinct computers in over 100 countries/regions have reported this attack attempt at least one time, Stewart said. There was a "fairly large increase" over this past weekend, shortly after Microsoft announced that an update would be provided to fix this issue with the July security bulletin release.
Although Portugal has remained one of the most targeted areas, attacks on Russian systems have surpassed it over the past few weeks. Russia has now seen more than ten times the number of attack attempts per computer in comparison to the global average. Other countries/regions that have seen more than the global average are predominantly in Europe and the UK. The UK, in particular, was one of the regions in which we witnessed a surge in attack attempts over this past weekend.
Stewart said Microsoft tracked attack attempts in over 100 countries/regions.