Windows XP Bug Confirmed by Microsoft
Last Thursday, June 10, Microsoft confirmed that an unpatched bug was found in Windows XP and Windows Server 2003. The bug could infect computers by enticing users into visiting rigged or malicious or hacked web sites or opening attack or malformed e-mails.
There have been no reported in-the-wild attacks that are taking advantage of the bug.
Windows Vista, Windows 7, Windows Server and Windows Server 2008 R2 are reported to be not vulnerable to the problem.
A patch is being planned to be developed but the release date cannot be confirmed as of the moment.
The problem was first reported to Microsoft last June 5 by Tavis Ormandy, a security engineer for Google. However, Microsoft criticized him by making his report public four days later not giving ample time for them to create a fix first.
What he is being criticized more is that Google has a policy not to reveal a bug until the affected vendor has a chance to fix the flaw.