Security researchers are reporting a new security hole in Windows XP Service Pack 2 – the only "supported" version of XP – that could lead to complete compromise of your PC.
There have been no attacks so far, but proof-of-concept code is available online, so it's good to be aware that a potential problem is out there.
The hole was found by Jonathan Sarba of the GoodFellas Security Research Team, who said on the team's Website that Microsoft had been first notified of the defect in late June, and was contacted regarding it repeatedly after that.
Research firm Secunia rates the risk at "moderately critical," the third tier of its five-tier severity rating scale. The problem lies in a pair of files that are part of XP's system code, but just because it's dweeby doesn't mean it isn't dangerous.
According to Secunia's alert, HP All-in-One Series Web Release software/driver installer version 2.1.0 and HP Photo & Imaging Gallery version 1.1 are both vulnerable.
What's called the "attack vector" is yet another classic buffer overflow exploit. (Don't get me started.)
Meanwhile, Christopher Budd, security program manager at Microsoft, said in a statement that the company "is investigating new public claims of a possible vulnerability in Microsoft Windows."
The statement is standard boilerplate, and says that if a problem is identified, Microsoft will figure out whether to issue an "out-of-cycle" update or to patch the bug as part of the Patch Tuesday process (so-called because Microsoft releases new patches on the second Tuesday of every month).
While we wait for Microsoft's verdict, keep your eyes and ears open for reports of real-world attacks, especially if you run either of those pieces of HP software, because there is no fix or workaround just yet.