Microsoft has acknowledged that a security flaw in the Windows XP Help and Support Center has allowed hackers to remotely control unsuspecting users’ computers.
The vulnerability was discovered by a researcher last week. Tavis Ormandy wrote on a website that attackers could access other computers via the remote assistance tool.
In a security advisory on its website, Microsoft wrote: “This vulnerability could allow remote code execution if a user views a specially crafted web page using a web browser or clicks a specially crafted link in an e-mail message.
“Microsoft is also aware of limited, targeted active attacks that use this exploit code.”
The software giant added that Server 2003 users are not at risk, as originally reported, and that it will “take appropriate action” to protect customers once it has completed its investigation.