The Windows Help and Support Center vulnerability, the details of which have recently been made public by researcher Tavis Ormandy, is being heavily exploited in the wild.
According to a recent post on Microsoft’s Malware Protection Center Blog, public exploitation of the vulnerability started on June 15th, but those attacks were probably undertaken by other researchers, since they were targeted and rather limited.
After that, the attacks became more widespread, and the targets more numerous. Microsoft claims that as of yesterday, over 10,000 separate computers have reported witnessing this attack. Computers in Portugal and Russia have seen by far the highest concentration of attacks.
The attacks only increased with time. Microsoft started seeing “seemingly-automated, randomly-generated HTML and PHP pages hosting this exploit”, and the goal of the attacks was to plant Trojans and viruses on the targeted system.
For users who don't run Microsoft's security solutions with updated signatures that detect the exploit, the company advises implementing the workaround listed in the advisory.