If your organization needed more incentive to move off Windows XP, a new zero-day vulnerability made public recently may be it.

The bug, which is being exploited in the wild, allows local privilege escalation and kernel access. But in the bigger picture, it’s another indicator that attackers might be readying a cache of attacks for the impending April 8, 2014 end-of-support deadline for the aged operating system.

Microsoft began an overt campaign with the release of its latest Security Intelligence Report explaining the dangers of keeping endpoints and servers on the OS, which is now a dozen years old.

“From a security perspective, this is a really important milestone,” Microsoft spokesperson Holly Stewart said. “Attackers will start to have a greater advantage over defenders. There were 30 security bulletins for XP this year, which means there would have been 30 zero-day vulnerabilities on XP [without support].”

In the October SIR, Microsoft said computers running XP Service Pack 3 are six times more vulnerable to malware infection than a computer running on Windows 8; Microsoft said data from its Malicious Software Removal Tool indicates that 9.1 XP computers are disinfected by MSRT versus 1.6 Windows 8 machines.

“The real story is that this zero day is just the tip of the iceberg. Malware authors today are sitting on their XP zero day vulnerabilities and attacks, because they know that after the last set of hotfixes for XP is released in April 2014 that their exploits will work forever against hundreds of thousands (millions?) of XP workstations,” wrote Rob VandenBrink on the SANS Internet Storm Center website. “If you are still running Windows XP, there is no project on your list that is more important than migrating to Windows 7 or 8. The ‘never do what you can put off until tomorrow’ project management approach on this is on a ticking clock; if you leave it until April comes you’ll be migrating during active hostilities.”

Microsoft released an advisory late Wednesday on the latest zero-day after an earlier report from security company FireEye identified the vulnerability. FireEye researchers said they found an exploit in the wild being used alongside a PDF-based exploit against a patched Adobe Reader vulnerability. Reader versions 9.5.4, 10.1.6, 11.0.02 and earlier on XP SP3 are affected; later versions are not, FireEye said, adding that this exploit gives a local user the ability to execute code in the kernel and thereby install new software, manipulate data, or create new accounts. The exploit cannot be used remotely.

Microsoft said it is working on a patch and urged XP users to delete NDProxy.sys and reroute it to null.sys in the system registry. NDProxy.sys is a driver that aids in the management of the Microsoft Telephony API (TAPI), so the mitigation will of course impact TAPI operations.

“For environments with non-default, limited user privileges, Microsoft has verified that the following workaround effectively blocks the attacks that have been observed in the wild,” said Dustin Childs, group manager for Microsoft Trustworthy Computing.
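An added audit script for checking whether the workaround described above has been applied on an XP host (not from the article or from Microsoft's advisory). It assumes NDProxy is registered under the standard kernel-driver service key named in the script; the article does not give the key, so confirm it against the advisory before relying on the result.

```powershell
# Added example, not the article's or Microsoft's own code. Written for PowerShell 2.0
# so that it runs on Windows XP itself. Assumption: the NDProxy driver is registered
# under the standard service key below (the article does not name the key).
$NDProxyKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NDProxy'

function Get-NDProxyStatus {
    if (-not (Test-Path $NDProxyKey)) {
        return New-Object PSObject -Property @{ Status = 'ServiceKeyMissing'; ImagePath = $null; Start = $null }
    }
    $props = Get-ItemProperty -Path $NDProxyKey -ErrorAction SilentlyContinue
    $imagePath = $props.ImagePath
    # The workaround points the driver's image at the null driver, so the real
    # NDProxy.sys code never loads (at the cost of TAPI functionality, as the article notes).
    if ($imagePath -and ($imagePath -imatch 'null\.sys\s*$')) {
        $status = 'WorkaroundApplied'
    } elseif ($imagePath -and ($imagePath -imatch 'ndproxy\.sys\s*$')) {
        $status = 'VulnerableDriverActive'
    } else {
        $status = 'Unrecognised'
    }
    New-Object PSObject -Property @{ Status = $status; ImagePath = $imagePath; Start = $props.Start }
}

function Test-IsWindowsXP {
    # XP is NT 5.1 (XP x64 reports 5.2, which Server 2003 shares); newer versions are
    # outside the scope of this advisory.
    $ver = [Environment]::OSVersion.Version
    return ($ver.Major -eq 5 -and ($ver.Minor -eq 1 -or $ver.Minor -eq 2))
}

$report = Get-NDProxyStatus
if (Test-IsWindowsXP) {
    Write-Output ("Windows XP host: NDProxy status = {0} (ImagePath: {1})" -f $report.Status, $report.ImagePath)
    if ($report.Status -ne 'WorkaroundApplied') {
        Write-Output "NDProxy.sys has not been rerouted to null.sys; the driver remains loadable."
    }
} else {
    Write-Output ("Not Windows XP ({0}); NDProxy status = {1}" -f [Environment]::OSVersion.VersionString, $report.Status)
}
```

Run it from an elevated prompt so the service key is readable; a status other than WorkaroundApplied on an XP host means the driver described in the advisory is still in place.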

Categories: Microsoft

Comments (5)

  1. Luke Jonas

    I am an IT Consultant in North America and I have run into many Clients who simply cannot afford to upgrade their hardware and/or software to Windows 7 or 8. The main reasons are the amount of money and time it takes to accomplish this. A typical example is that their existing vertical business application software needs to be rewritten for either Windows 7 or 8. Further, since their hardware is still working they simply refuse to migrate from XP, but they are afraid of getting viruses and malware. Essentially many Microsoft Users are stuck between a rock and a hard place.

    So I found an excellent User friendly Linux OS that cocoons all versions of Windows, i.e. XP and/or 7, inside a very innovative Virtual Machine, so that the user's data files are saved to a Linux partition while the Windows OS & software is initially backed up and stored in just one .vdi file safely inside the Linux partition, which contains their original Windows installation with all its programs too. So if they get hit with a morphing virus it takes them only one click to restore their original copy of Windows XP or 7, and of course since their data is always safe inside the Linux partition and fully read/writable from the Windows OS with bookmarked folders, there is no downtime, as it only takes seconds to click on their Robolinux menu option that restores their original perfect Windows Virtual Machine back to the way it was before the virus struck them.

    The result is my Clients are saving a lot of money and they are completely immune to all Windows malware and now they have as much time as they need to rewrite their software for either Linux or Windows 7. None of my Clients will even consider Windows 8 as a solution.

    Check it out: Google Robolinux.

  2. Cher

    Glad to hear others in similar situations. I’ve got thousands of dollars of software for XP, XP Pro, Vista 32; some works on my Vista 64 bit, most won’t. This btw is photo editing suites etc.
    Both my Vistas are in disrepair. One needs a screen. One needs a reinstall of the OS for the umpteenth time. A sm XP needs a cable receptacle. My XP Pro desktop works fine, stabler than the others. Do u know where I might have your remedy installed by? I’m in zip code 02150. Do u think Micro Ctr would do this sort of work? It had a super tech at the Cambridge MA store but too bad he’s gone. I’ve had too many techs screw up MANY PCs on me.
    Thanks for the info.

  3. Paul Williams

    Get manufacturers to write drivers for perfectly good hardware for Windows 7 and I’ll consider it. As it stands, I can only use my printer on XP because HP refuse to support it on later Windows versions; and the graphics card in the laptop has no drivers beyond XP either. The problem is with these 3rd parties for me. I will not even consider Windows 8. Awful.

    • David

      So, you will essentially cut off your nose to spite your face. Upgrade the equipment and get with the program, or you will be run over by a BLIZZARD of malware. Not too hard to understand.
