Recently published and still unpatched Windows XP flaw exploited in the wild

Less than a week since the controversial release of details of a vulnerability in the Windows Help and Support Center function that affects Windows XP and Windows Server 2003 – executed by Google researcher Tavis Ormandy – the vulnerability has been spotted being exploited in the wild.

Sophos reports that they have discovered a compromised website (the didn’t mention which one is it) that is serving malware to unsuspecting users, and that it downloads and executes a malicious component that exploits the aforementioned vulnerability.

For all of you WIndows XP users out there, this is the right moment to consider employing the workaround published in the security advisory issued by Microsoft while waiting for the patch to be ready.