New Windows XP Zero-Day Under Attack

wiredmikey writes "A new Windows kernel zero-day vulnerability is being exploited in targeted attacks against Windows XP users. Microsoft confirmed the issue and published a security advisory to acknowledge the flaw after anti-malware vendor FireEye warned that the Windows bug is being used in conjunction with an Adobe Reader exploit to infect Windows machines with malware. Microsoft described the issue as an elevation of privilege vulnerability that allows an attacker to run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights."

Upate to the most current

[KenValderrama]

Adobe Reader - problem solved

Re:Upate to the most current

Uninstall Adobe Reader - 2 problems solved!

Re:Upate to the most current

[dreamchaser]

Upgrading the OS would be wise as well, especially since we're fast coming to the point of end of support, April 8th 2014. Windows 7 and 8.x both improved security considerable, and there are other more secure options as well such as MacOS X and the other varies flavors of *nix such as Linux distributions.

Re:Upate to the most current

Never have an adobe product installed in the first place - solved.

Re:Upate to the most current

[cant_get_a_good_nick]

Service Pack 2, a.k.a. when XP really became stable, was way back in 2004. SP3 was back in 2008, still 5 years ago. If you think about XP being NT2000 with a nicer GUI, then the design was set way back in 1997 or so, back when dialup was king and an AOL disk was not yet a running joke.

To those that say "well my computer works fine".. umm, no it doesn't. Your OS was designed in 1997-2001, in a relatively much safer Internet environment, and is not designed for always on persistent attacks with billions of dollars available by hacking. As much as I think Microsoft keeps people out to dry, at some point you need to update.

For good and bad (and Mavericks has some things that piss me off) the Apple model of forced upgrades has some reasoning to it.

Re:Upate to the most current

[mlts]

For Web browsing in a VM, it is hard to beat XP for something that takes 512 MB of RAM, 16-24 gigs of disk space (partitioned into two disks, one for the system, one for scratch space for sandboxie's sandbox.) Its footprint is so light, the VM can stay resident on a box with 6-8 gigs of memory without issue, even with running fairly larger applications like Acrobat [1], Photoshop, Dreamweaver, and Flash.

I use Acrobat for producing PDFs for long term storage, FoxIt for viewing. So far, so good.

Re:Upate to the most current

[twnth]

10" are not gone, just changed.
http://www.asus.com/in-search-of-incredible/us-en/asus-transformer-book-t100/

Re:Upate to the most current

[tepples]

Sure, Windows 7 fits on my EeePC. Not.

Then do like I did: install an Xfce-based Linux distribution and run Windows applications in Wine. Should Microsoft follow through on the rumored complete deprecation of the desktop in Windows 9, you'll be ready. Or you can install a larger SSD in your Eee PC and max its RAM.

Do they even make pocketable little 9" PCs any more?

I too mourned the end of netbooks. Tablets sold with a keyboard, such as the ASUS Transformer Book, are probably the closest successor.

Re:Upate to the most current

[ArcadeMan]

My CNC requires a parallel port which doesn't even exists anymore and my CNC software can't run on Windows versions above XP. Are you suggesting I throw away my perfectly good CNC setup just because it's "old worthless crap"? Send me a check for $15K and I'll think about it.

Re: Upate to the most current

Foxit is just as bloated as Adobe Reader.
Sumatra PDF is what Foxit was before becoming bloatware.

Re:Upate to the most current

[LoRdTAW]

It sounds like he might be running a PC based CNC system that uses a PC for control. You posted a DNC box that is for uploading programs via DNC which has always been serial. Some older PC based CNC controllers used the parallel port (especially common for stepper systems). Systems that used brushless servos typically used some type of dedicated hardware to close the servo loop and is commanded via the PC. Typically those were ISA cards with a DSP on board but also parallel based units were available.

I also support the PC based CNC systems at my place of work. The system is quite advanced and uses a real time subsystem which only supports Windows 2000/XP. One of the systems is XP and the others are Windows 2000. New software costs about 4k and depending on the drives used, may require new drives at a cost of $1700 per axis. We still have one DOS based CNC system left, an ISA/DSP card with proprietary vendor written software supported by one guy on planet earth. Since that system sees little use it is not worth to $30k+ to upgrade to a modern CNC system. And that price is just to keep the existing motors and stages, $60+k for a complete replacement.

Re:Upate to the most current

[digitalchinky]

If you already have flash installed it will periodically ask if you want to update, if you click yes, it does a drive by install of McAfee, no opt-out at all. That's pretty evil behavior.

Re:Upate to the most current

[QuantumRiff]

We have some expensive pitney bowes mailing systems. We inquired about a newer computer, NOT running xp. Turns out they changed the entire print assembly for the version that runs Windows 7. Its a $20k upgrade. (also need a new controller box, old one doesn't work with WIndows 7 software (mainly the hardware dongle, apparently)..

Our brand new pitney bowes mailing system has a windows 7 computer. The techs that installed it told our senior management to never run windows update, or install antivirus on it, or it would cause problems and make the machine not work. Boy did they get pissy when I put it on its own vlan, with only access to one server, and one port on that server, to get its updated files.

Re:Upate to the most current

GP AC here. I looked around to see if Adobe had anything to say about this and I saw a post where an Adobe employee claimed that the inclusion of the McAfee software was required to fund the development of Flash Player because they provide it freely to users. It was also pointed out that users can opt-out and how they supposedly understand users' concerns about bundled crapware so they will always offer an opt-out. I can't seem to find the link now, but the way it was worded just sounded so smug and entitled. The question that comes to mind is, why not make it opt-in instead? The answer is because their original intent was to trick users into installing it.

Isn't it funny how a multi billion dollar corporation that made shitloads per software license of Creative Suite (and individual component applications therein) and distributed Flash Player (a necessary plugin for their own customers' audience) for years without the need for bundled crapware is all of a sudden "forced" to start including it; all around the same time that they discontinued Flash support on mobile devices and went to an even more expensive subscription model for their bread and butter products?

I'd definitely say Adobe is evil.

Re:Upate to the most current

[LinuxIsGarbage]

Minimum requirements for Windows 7 is 16GB. I forget how much it actually uses, but it will be less. Hard drive footprint of 7Starter through 7Ultimate is the same. You can do an "anytime upgrade" from starter to Ultimate if you want. Starter just disables features.

The actual story of why Starter exists is early in the Netbook era (with small 4GB SSDs, and non Aero compatible Intel 915 chipsets which themselves were part of a Vista capable lawsuit), machines like EeePC 701 physically could not run Vista, but could run XP well, and Asus was selling them with Xandros (which was a terrible distro). Acer was selling Linux Netbooks too. To keep from losing market share Microsoft had to embarrassingly extend the life of XP by selling cheap XP Home licenses for low cost PCs (with restrictions on the hardware). Eventually the Netbook market platform had standardized on Atom processors, Aero compatible i945 (or better), 160GB hard drive, but low cost XP licences drove prices down. These machines technically were more than capable of running Vista or better. So when Windows 7 came out, Microsoft wanted to kill off selling new XP licences, so to capture the low cost PC market they sold 7 Starter, again with limitations on hardware.

My father has an MSI Wind that sold with Windows XP, and I upgraded the RAM from 1 to 2GB, and the machine happily runs Windows 8. I have an EeePC 701 that shipped with Xandros that happily runs XP, though I have set up Windows 7 to run off of an external Hard drive if I wanted. I also have an AMD based MSI netbook that shipped with XP Home, that I upgraded to Windows 7 right away. It came with 200GB HDD and 2GB RAM, which technically exceeded the limitations for low cost versions of XP Home so I don't know how they managed that.

Re:Upate to the most current

[serviscope_minor]

My CNC requires a parallel port which doesn't even exists anymore and my CNC software can't run on Windows versions above XP.

You can buy single lane PCIe parallel port cards for about $30. If you pick a decent one, they act like totally bog standard parallel ports and don't require drivers etc.

I don't know if you need harware virtualisation to connect the parallel port to a VM (I suspect not, but such processors are cheap now anyway--I think AMD offers it across the range).

There's a good chance the PC will die long before the mill: a good, well maintained mill will last nearly forever. Probably worth investigating contingencies for when that happens.

Also, have you checked to see if the mill runs off g-code? Many do which makes it pretty machine independent.

They Didn't save this?

[cant_get_a_good_nick]

Hmm, a bug that gets admin rights.... If I were sufficiently evil I would have saved this until April when there's no chance of it being patched ever.

Re:Alternatives to Flash?

notepad

Gosh....

[hazeii]

Oh, I see, a ramping-up of press releases about 'exploits' against XP prior to the cut-off date.

Didn't see that coming.

Useless exploit, just gives admin to a local user.

[ReekRend]

Per TFA, this exploit is dumb and unconcerning. It just lets a standard user perform admin operations, no remote exploit of any kind. There have always been many ways for a standard user to get admin on any OS, the most trivial being physical access.

Would be funny if the attacker could

[future+assassin]

wipe windows and install Linux on the machine.

Re:Useless exploit, just gives admin to a local us

I don't know if you're joking, I suspect you are, but for the benefit of the following readers I'll explain.

Here's how it works. User is tricked into accessing an infected pdf which contains code to elevate the user's privileges. the infected document's code downloads further exploits to root-kit the box. Right now the exploit is in a pdf, but infected websites are sure to follow.
If it's out there, and it has a picture of a puppy (or, in the USA, the word "free"), some user will click on it.

If you read the TFA, then you know it also is a Server 2003 bug as well.
Privilege elevation exploits are a nightmare for Terminal Server and Citrix boxes because it is a conduit for installing tools (using the admin rights) to grab other users' credentials and to continue from there to own the entire environment.

Server 2003 as well

Did the submitter RTFA, or just submit as soon as (s)he saw the words "XP exploit" somewhere?

It's not mentioned, in the Slashdot article, but it's also a Server 2003 bug.
https://technet.microsoft.com/en-us/security/advisory/2914486
This means Server 2003 Terminal Servers and Citrix boxes.