Matsuda Posted November 28, 2013

Microsoft is now less than five months away from cutting off support to Windows XP, but before that happens the company is still issuing new security alerts for the OS. The latest such advisory was issued earlier today and also affects Windows Server 2003.

Microsoft's Security Response Center blog has the details on the advisory, which is due to a local privilege escalation exploit that was first discovered by the FireEye research firm. FireEye states, "The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel."

Microsoft says that Windows XP and Server 2003 users must open a malicious PDF file to be affected by this new exploit. While Microsoft is working on a full patch that will permanently close this hole, it does recommend that users delete their NDProxy.sys file and reroute to Null.sys. The company has determined that this will be an effective workaround until a patch is released.

The blog adds, "We hope this doesn’t disrupt any holiday plans you may have, but we did want to provide you with actionable information to help protect your systems. We continue to monitor the threat landscape closely and will take appropriate action to help protect customers."

johndoe Posted November 29, 2013

Deleting NDProxy.sys is just fine, but how does one go about accomplishing this: "reroute to Null.sys"?

STEEL Posted November 29, 2013

> deleting NDProxy.sys is just fine but how does one go about accomplishing this? reroute to Null.sys

Firms urged to ditch Windows XP after zero-day attack discovered in the wild
by Alastair Stevenson, 28 Nov 2013

A zero-day vulnerability in Microsoft's Windows XP and Server 2003 has been discovered and is being actively targeted by hackers, leading to fresh calls for businesses to move to newer Windows versions sooner rather than later.

FireEye researchers Xiaobo Chen and Dan Caselden reported uncovering the vulnerability in a blog post, confirming that it only affects Windows XP systems.

"FireEye Labs has identified a new Windows local privilege escalation vulnerability in the wild. The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP," read the post.

The researchers confirmed evidence that the vulnerability is being actively targeted by hackers. "This local privilege escalation vulnerability is used in the wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability," read the post.

"The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit. Post exploitation, the shellcode decodes a PE payload from the PDF, drops it in the temporary directory, and executes it."

Microsoft Trustworthy Computing (TwC) group manager for incident response communications Dustin Childs confirmed the company is aware of the issue and is working on a fix. In the interim he recommended that XP users employ a temporary workaround fix.

"While we are actively working to develop a security update to address this issue, we encourage customers running Windows XP and Server 2003 to deploy the following workarounds," he said.

"Delete NDProxy.sys and reroute to Null.sys. For environments with non-default, limited user privileges, Microsoft has verified that the following workaround effectively blocks the attacks that have been observed in the wild."

The zero-day vulnerability's discovery has led to fresh calls within the security community for XP users to update their systems to run newer Windows versions. The SANS Internet Storm Center (ISC) issued a public advisory, warning XP users the new vulnerability is only the tip of the iceberg.

"The real story here isn't the zero day or the workaround fix, or even that Adobe is involved. The real story is that this zero day is just the tip of the iceberg. Malware authors today are sitting on their XP zero-day vulnerabilities and attacks, because they know that after the last set of hotfixes for XP is released in April 2014," read the ISC post.

"If you are still running Windows XP, there is no project on your list that is more important than migrating to Windows 7 or 8. The 'never do what you can put off until tomorrow' project management approach on this is on a ticking clock, if you leave it until April comes you'll be migrating during active hostilities."

Microsoft is set to officially cut support for its decade-old Windows XP operating system in April 2014. Despite the looming cut-off, widespread reports suggest many companies have still not begun migrating their systems to run newer versions of Windows although some firms are now on this path.

http://www.v3.co.uk/v3-uk/news/2309770/firms-urged-to-ditch-windows-xp-after-zero-day-attack-discovered-in-the-wild

johndoe Posted December 1, 2013

Thank you, but how does that answer my question? How do I reroute to Null.sys?

Edited December 1, 2013 by johndoe