Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Windows XP Zero-Day Under Attack

Posted by Soulskill on from the escalation-of-stale-operating-system-attack dept.

wiredmikey writes "A new Windows kernel zero-day vulnerability is being exploited in targeted attacks against Windows XP users. Microsoft confirmed the issue and published a security advisory to acknowledge the flaw after anti-malware vendor FireEye warned that the Windows bug is being used in conjunction with an Adobe Reader exploit to infect Windows machines with malware. Microsoft described the issue as an elevation of privilege vulnerability that allows an attacker to run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights."

10 of 241 comments (clear)

  1. Upate to the most current by KenValderrama · · Score: 3, Informative

    Adobe Reader - problem solved

    1. Re:Upate to the most current by Anonymous Coward · · Score: 0, Informative

      I use Foxit on my windows box.

    2. Re:Upate to the most current by twnth · · Score: 4, Informative

      10" are not gone, just changed.
      http://www.asus.com/in-search-of-incredible/us-en/asus-transformer-book-t100/

    3. Re:Upate to the most current by ArcadeMan · · Score: 5, Informative

      My CNC requires a parallel port which doesn't even exists anymore and my CNC software can't run on Windows versions above XP. Are you suggesting I throw away my perfectly good CNC setup just because it's "old worthless crap"? Send me a check for $15K and I'll think about it.

      --
      Get free satoshi (Bitcoin) and Dogecoins
    4. Re:Upate to the most current by digitalchinky · · Score: 4, Informative

      If you already have flash installed it will periodically ask if you want to update, if you click yes, it does a drive by install of McAfee, no opt-out at all. That's pretty evil behavior.

    5. Re:Upate to the most current by Anonymous Coward · · Score: 5, Informative

      GP AC here. I looked around to see if Adobe had anything to say about this and I saw a post where an Adobe employee claimed that the inclusion of the McAfee software was required to fund the development of Flash Player because they provide it freely to users. It was also pointed out that users can opt-out and how they supposedly understand users' concerns about bundled crapware so they will always offer an opt-out. I can't seem to find the link now, but the way it was worded just sounded so smug and entitled. The question that comes to mind is, why not make it opt-in instead? The answer is because their original intent was to trick users into installing it.

      Isn't it funny how a multi billion dollar corporation that made shitloads per software license of Creative Suite (and individual component applications therein) and distributed Flash Player (a necessary plugin for their own customers' audience) for years without the need for bundled crapware is all of a sudden "forced" to start including it; all around the same time that they discontinued Flash support on mobile devices and went to an even more expensive subscription model for their bread and butter products?

      I'd definitely say Adobe is evil.

    6. Re:Upate to the most current by serviscope_minor · · Score: 3, Informative

      My CNC requires a parallel port which doesn't even exists anymore and my CNC software can't run on Windows versions above XP.

      You can buy single lane PCIe parallel port cards for about $30. If you pick a decent one, they act like totally bog standard parallel ports and don't require drivers etc.

      I don't know if you need harware virtualisation to connect the parallel port to a VM (I suspect not, but such processors are cheap now anyway--I think AMD offers it across the range).

      There's a good chance the PC will die long before the mill: a good, well maintained mill will last nearly forever. Probably worth investigating contingencies for when that happens.

      Also, have you checked to see if the mill runs off g-code? Many do which makes it pretty machine independent.

      --
      SJW n. One who posts facts.
  2. Remember kids. by Anonymous Coward · · Score: 0, Informative

    Remember kids, use a free software PDF reader.

  3. Re:Useless exploit, just gives admin to a local us by Anonymous Coward · · Score: 4, Informative

    I don't know if you're joking, I suspect you are, but for the benefit of the following readers I'll explain.

    Here's how it works. User is tricked into accessing an infected pdf which contains code to elevate the user's privileges. the infected document's code downloads further exploits to root-kit the box. Right now the exploit is in a pdf, but infected websites are sure to follow.
    If it's out there, and it has a picture of a puppy (or, in the USA, the word "free"), some user will click on it.

    If you read the TFA, then you know it also is a Server 2003 bug as well.
    Privilege elevation exploits are a nightmare for Terminal Server and Citrix boxes because it is a conduit for installing tools (using the admin rights) to grab other users' credentials and to continue from there to own the entire environment.

  4. Server 2003 as well by Anonymous Coward · · Score: 5, Informative

    Did the submitter RTFA, or just submit as soon as (s)he saw the words "XP exploit" somewhere?

    It's not mentioned, in the Slashdot article, but it's also a Server 2003 bug.
    https://technet.microsoft.com/en-us/security/advisory/2914486
    This means Server 2003 Terminal Servers and Citrix boxes.