Windows Security

New Windows XP Zero-Day Under Attack 241

Posted by Soulskill
from the escalation-of-stale-operating-system-attack dept.
wiredmikey writes "A new Windows kernel zero-day vulnerability is being exploited in targeted attacks against Windows XP users. Microsoft confirmed the issue and published a security advisory to acknowledge the flaw after anti-malware vendor FireEye warned that the Windows bug is being used in conjunction with an Adobe Reader exploit to infect Windows machines with malware. Microsoft described the issue as an elevation of privilege vulnerability that allows an attacker to run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights."

  • by Ken Valderrama (2899927) on Friday November 29, 2013 @05:15PM (#45557613)
    Adobe Reader - problem solved
    • by Anonymous Coward on Friday November 29, 2013 @05:17PM (#45557617)

      Uninstall Adobe Reader - 2 problems solved!

      • by Anonymous Coward on Friday November 29, 2013 @05:22PM (#45557651)
        Never have an adobe product installed in the first place - solved.
        • genius !
        • Never have an adobe product installed in the first place - solved.

          So other than Flash or Edge Animate, what's a good program for creating vector animations?

          • by Anonymous Coward on Friday November 29, 2013 @05:53PM (#45557839)

            notepad

          • Synfig [synfig.org].
          • Flash is on its last legs. You need to start moving to HTML5 based solutions. A Google query for "HTML5 animation editor" will yield a wealth of options.

    • by dreamchaser (49529) on Friday November 29, 2013 @05:17PM (#45557619) Homepage Journal

      Upgrading the OS would be wise as well, especially since we're fast coming to the point of end of support, April 8th 2014. Windows 7 and 8.x both improved security considerably, and there are other more secure options as well such as MacOS X and the other various flavors of *nix such as Linux distributions.

      • Re: (Score:2, Insightful)

        by Joce640k (829181)

        Sure, Windows 7 fits on my EeePC. Not.

        I'm not even sure it would fit on my old HP laptop - that's only got a 30Gb hard disk in it. Windows 7 would overflow that in no time.

        (Yes, they're both used almost every day...)

        Or I can upgrade all my perfectly-good hardware, right? Do they even make pocketable little 9" PCs any more?

        • Do they even make pocketable little 9" PCs any more?

          I'm still a bit upset that they stopped making those nice 8.9" and 10.1" machines. Surely they were a bit low performance but they were fun to use. Well, at least there's still the 11.6" category.

          • by twnth (575721) on Friday November 29, 2013 @05:45PM (#45557805)
            • Nice!
            • by 0123456 (636235)

              Except:

              1. It seems to be about twice the price of my old EeePC.
              2. It's a tablet with attached keyboard, so, with an Atom stuffed inside, is likely to be even more poorly balanced than my ARM Transformer.

              Chromebooks seem to be the real successor to netbooks, but the OS is a pain to replace.

            • by Luckyo (1726890)

              Let's just say that I hope you don't offer those things to people actually using current EEE PCs. They don't have too many people that liked them which is why they got canceled in the first place. They are imho extremely uncomfortable to use, but I've heard a second opinion from my mother who would be ranking pissed if her current little baby EEE PC died and she found out there was no replacement. But those that did like them tend to be pretty fanatical and phone/tablet OS in the same form factor for people

              • I still have mine and it still runs linux just fine.

              • by twnth (575721)

                I'm not sure that you actually looked at the item I linked to.
                Asus T100 "book" is a new product, only been on the market a couple weeks (local retailers here in Alberta got their first shipment last week). It's not the old android transformer that you may be thinking of.
                -10" 1388x768. maybe a smidge bigger than the EEE
                -full windows 8.1 32bit (not RT), comes with Office 2013 home and student. So it'll run just about anything
                -quad core modern atom processor, 2 gig ram, Intel HD graphics. Office, netflix runs j

                • by Luckyo (1726890)

                  Oh, that's actually good to know, thanks! I looked up the transformer line, and apparently it was 100% android before this.

                  Frankly, I'd pay that extra just for the 768p screen. The one I bought back in the day had a 600p screen and w7 configuration windows didn't fit the vertical space in default size for many menus, making configuration a pain.

          • by mlts (1038732) *

            I'm in the same boat. I would love to have a full featured PC with a 7-8" screen that I can carry with me that I can use with a USB serial port for diagnosing router issues.

            • I find that my Asus Transformer Prime 201 is just fine for the majority of tasks, and it works with my USB serial cable. Yes, I can console into firewalls, routers, switches, etc. with my tablet, and the fact that I have the optional keyboard dock makes it all the nicer.

            • I would love to have a full featured PC with a 7-8" screen that I can carry with me that I can use with a USB serial port for diagnosing router issues.

              A lot of them are made by a company in China called Hiton (sometimes anglicised to Highton) and resold with vendor branding. You can still get a variety of size and spec XP/7/Linux machines from 5 to 11" from them. Googling should bring up a few places to buy them on, or just look in Alibaba.

              Asus have also just released the 1015E, which is a fairly capable little 10" laptop available with Linux for $199 or Windows for $250.

              http://liliputing.com/2013/05/asus-1015e-low-cost-mini-notebook-review.html [liliputing.com]

          • by Luckyo (1726890)

            Sadly they didn't sell all that well. I'm already dreading having to tell my mother that I won't be able to replace her beloved 10.1" EEE PC when it eventually dies. She loves the damn thing to death, and I have no idea why - it was so small and uncomfortable to use for me when I set it up but she actually got her company to pay for it and install all of her work software on it.

          • by noh8rz10 (2716597)

            just get an 11 inch mac book air. those are pretty small too.

        • by mlts (1038732) * on Friday November 29, 2013 @05:44PM (#45557795)

          For Web browsing in a VM, it is hard to beat XP for something that takes 512 MB of RAM, 16-24 gigs of disk space (partitioned into two disks, one for the system, one for scratch space for sandboxie's sandbox.) Its footprint is so light, the VM can stay resident on a box with 6-8 gigs of memory without issue, even with running fairly large applications like Acrobat [1], Photoshop, Dreamweaver, and Flash.

          I use Acrobat for producing PDFs for long term storage, FoxIt for viewing. So far, so good.

        • by lgw (121541)

          30GB is fine for Win 7, but you might have a lot of other stuff.

          Keeping WinXP around for aging crufty hardware isn't that interesting - just throw that old worthless crap out already, this isn't the 90s where you have to hang on to the old box until you have $3000 for a new one.

          OTOH, Windows is really hurting for a lightweight OS to replace XP in virtual machines. When you're trying to stack 200 virtual machines on a server, WinXP really hits a sweet spot. MS seems to have lost the ability to do "thin and

          • by mlts (1038732) *

            There is always WinFLP (Windows Fundamentals for Legacy PCs), which Microsoft put out to compete with lightweight clients a few years back. Essentially it is a modified copy of XPe and doesn't have a number of features (no BlueTooth, etc.) that XP has. Another alternative is Windows Server 2003 which tends to be more lightweight than XP.

          • by ArcadeMan (2766669) on Friday November 29, 2013 @05:59PM (#45557873)
            My CNC requires a parallel port which doesn't even exist anymore and my CNC software can't run on Windows versions above XP. Are you suggesting I throw away my perfectly good CNC setup just because it's "old worthless crap"? Send me a check for $15K and I'll think about it.
            • by couchslug (175151)

              I agree as I support my bud's CNC equipment.

              Of course that XP machine never needs to connect to the internet.

              BTW you can ditch the direct PC-to-parallel port connection if you ever wish to. These little units work a treat and tech support was outstanding. (A card in my bud's Fanuc had malfunctioned and they helped him isolate that problem though it had nothing to do with their unit.)

              http://www.highlanddnc.com/ [highlanddnc.com]

              "parallel port which doesn't even exist anymore"

              There are plenty of parallel and serial port cards t

              • by LoRdTAW (99712) on Friday November 29, 2013 @06:35PM (#45558043)

                It sounds like he might be running a PC based CNC system that uses a PC for control. You posted a DNC box that is for uploading programs via DNC which has always been serial. Some older PC based CNC controllers used the parallel port (especially common for stepper systems). Systems that used brushless servos typically used some type of dedicated hardware to close the servo loop and is commanded via the PC. Typically those were ISA cards with a DSP on board but also parallel based units were available.

                I also support the PC based CNC systems at my place of work. The system is quite advanced and uses a real time subsystem which only supports Windows 2000/XP. One of the systems is XP and the others are Windows 2000. New software costs about 4k and depending on the drives used, may require new drives at a cost of $1700 per axis. We still have one DOS based CNC system left, an ISA/DSP card with proprietary vendor written software supported by one guy on planet earth. Since that system sees little use it is not worth the $30k+ to upgrade to a modern CNC system. And that price is just to keep the existing motors and stages, $60+k for a complete replacement.

              • by tlhIngan (30335)

                There are plenty of parallel and serial port cards to adapt later desktops.

                It's hard to believe, but yeah, there are tons of serial and parallel cards with PCIe interfaces on them. And if you have a laptop, ExpressCard serial and parallel ports exist too - and these aren't the chintzy USB ones (that use the USB port on the ExpressCard slot) - but use the real PCIe side of the slot and appear as a native port.

                I'm just waiting for the Thunderbolt ones to come out as well - after all, it's also PCIe.

                And I thou

            • If you are looking at desktop machines, there are motherboards being sold that still have the good old serial and parallel port headers. Laptops on the other hand...
            • by QuantumRiff (120817) on Friday November 29, 2013 @10:42PM (#45559007)

              We have some expensive pitney bowes mailing systems. We inquired about a newer computer, NOT running xp. Turns out they changed the entire print assembly for the version that runs Windows 7. It's a $20k upgrade. (also need a new controller box, old one doesn't work with Windows 7 software (mainly the hardware dongle, apparently)).

              Our brand new pitney bowes mailing system has a windows 7 computer. The techs that installed it told our senior management to never run windows update, or install antivirus on it, or it would cause problems and make the machine not work. Boy did they get pissy when I put it on its own vlan, with only access to one server, and one port on that server, to get its updated files.

            • Without digging in too deep, last I checked, some "business class" desktops from Dell, HP, Lenovo could be equipped with LPT and serial ports. With laptops, you can usually configure a business class laptop with docking station to get legacy ports. Eg from Dell:

              http://accessories.us.dell.com/sna/productdetail.aspx?c=us&l=en&s=eep&cs=6099&sku=331-6304 [dell.com]
              "E-Port Plus, dock adds dual digital display and legacy port support, USB 3.0"

              And for anyone not in the know, USB parallel adapters are no good

            • by serviscope_minor (664417) on Saturday November 30, 2013 @07:55AM (#45560355) Journal

              My CNC requires a parallel port which doesn't even exist anymore and my CNC software can't run on Windows versions above XP.

              You can buy single lane PCIe parallel port cards for about $30. If you pick a decent one, they act like totally bog standard parallel ports and don't require drivers etc.

              I don't know if you need hardware virtualisation to connect the parallel port to a VM (I suspect not, but such processors are cheap now anyway--I think AMD offers it across the range).

              There's a good chance the PC will die long before the mill: a good, well maintained mill will last nearly forever. Probably worth investigating contingencies for when that happens.

              Also, have you checked to see if the mill runs off g-code? Many do which makes it pretty machine independent.

          • Keeping WinXP around for aging crufty hardware isn't that interesting - just throw that old worthless crap out already, this isn't the 90s where you have to hang on to the old box until you have $3000 for a new one.

            On one hand I agree. On the other it's a little annoying that just about any system from the last 10 years, or more, has enough power to surf the web and check email. So it would be nice to keep perfectly adequate hardware out of landfills and not piss away a couple hundred bucks on a replacement.

            • by Patch86 (1465427)

              If all you're doing is checking email and surfing the web, surely Linux would do? LXDE is lighter weight than standard XP (and I'm sure XFCE isn't far off either). If all you want is to keep hardware alive for pleasure use, there's no reason not to.

              Bigger sympathy goes to people who have specific applications which are XP-compatible-only. As much as I love Wine as a project, it can still be a nightmare to get it working for anything both complicated and niche.

          • Have you tried to install XP in the last 6 months in VMware

            It has the SVCHost.exe taking 100% cpu utilization bug, updates do not work, this is what happens [neowin.net]. It took a week to install XP with my host machine running very hot.

            I finally found a fix of looking for a KB randomly for an IE update. MS support and googling had no answer to this but someone in a forum mentioned this fix after many many patches and fixits.

            100% of all XP versions are impacted regardless of source as I assumed I had a bad .iso. The t

        • by tepples (727027) <.moc.liamg. .ta. .selppet.> on Friday November 29, 2013 @05:46PM (#45557807) Homepage Journal

          Sure, Windows 7 fits on my EeePC. Not.

          Then do like I did: install an Xfce-based Linux distribution and run Windows applications in Wine. Should Microsoft follow through on the rumored complete deprecation of the desktop in Windows 9, you'll be ready. Or you can install a larger SSD in your Eee PC and max its RAM.

          Do they even make pocketable little 9" PCs any more?

          I too mourned the end of netbooks [slashdot.org]. Tablets sold with a keyboard, such as the ASUS Transformer Book, are probably the closest successor.

          • by DMJC (682799)
            Wine is not actually a replacement for windows yet. It still cannot emulate DirectX 1-6 which is crucial for a lot of games and applications. Wine devs need to finish fixing the older parts of wine before trying to run a race against DirectX 10/11/12. The way it stands now wine is only good for a few DirectX 7-9 games.
            • So games are your argument. For one thing, an Eee PC has the Intel "Graphics My Ass" integrated GPU that isn't really intended for heavyweight 3D gaming, and Wine runs a lot of the 2D games. For another, Wine isn't needed for any game that is ported to Linux, and once the Steambox One ships next year [theverge.com], video game publishers that want money will commission Linux ports.
        • Windows 7 and 8 will fit on a 30GB drive without a problem.
        • Fits just fine on my EeePC, although I upgraded the memory and drive as soon as I bought it. It actually runs quite well. Win8 won't fit though, as they artificially block installation if you don't have at least 768 pixels high.

      • by cant_get_a_good_nick (172131) on Friday November 29, 2013 @05:31PM (#45557705)

        Service Pack 2, a.k.a. when XP really became stable, was way back in 2004. SP3 was back in 2008, still 5 years ago. If you think about XP being NT2000 with a nicer GUI, then the design was set way back in 1997 or so, back when dialup was king and an AOL disk was not yet a running joke.

        To those that say "well my computer works fine".. umm, no it doesn't. Your OS was designed in 1997-2001, in a relatively much safer Internet environment, and is not designed for always on persistent attacks with billions of dollars available by hacking. As much as I think Microsoft keeps people out to dry, at some point you need to update.

        For good and bad (and Mavericks has some things that piss me off) the Apple model of forced upgrades has some reasoning to it.

        • by epyT-R (613989)

          Service Pack 2, a.k.a. when XP really became stable, was way back in 2004. SP3 was back in 2008, still 5 years ago. If you think about XP being NT2000 with a nicer GUI, then the design was set way back in 1997 or so, back when dialup was king and an AOL disk was not yet a running joke.

          Argument from antiquity fallacy. Older designs are not necessarily inferior. Using your logic, I could make the same claims about bsd and linux, since their design tenets date back even earlier than windows NT. You also conflate GUI design with security. AOL was a joke from the beginning.. Where have you been?

          To those that say "well my computer works fine".. umm, no it doesn't. Your OS was designed in 1997-2001, in a relatively much safer Internet environment, and is not designed for always on persistent attacks with billions of dollars available by hacking. As much as I think Microsoft keeps people out to dry, at some point you need to update.

          So as of the last patch tuesday, do you think you're now secure? You'd be a fool to think so. The proof is in the next batch of patches due out next tuesday. It's your behavior and process that

    • by AC-x (735297)

      The elevation of privilege vulnerability isn't Adobe's fault, any program running under a limited user could get full administrator rights with that.

    • by hairyfeet (841228)

      Better yet get rid of an OS that is now FOUR versions behind, how about that?

      When XP came out the average PC was a P3 of less than a GHz and 128Mb - 256Mb of RAM. You were just starting to see 512Mb machines but like the GHz systems they were pretty damned expensive. Yes XP is THAT old.

      I mean we'd laugh and think somebody was nuts if they were running Android 1.0, or OS 9 right? So why would we think someone was any less nuts for running a 12 year old OS four versions behind? Because MSFT puts out patches?

  • by cant_get_a_good_nick (172131) on Friday November 29, 2013 @05:22PM (#45557643)

    Hmm, a bug that gets admin rights.... If I were sufficiently evil I would have saved this until April when there's no chance of it being patched ever.

    • Who's to say there aren't other, better things saved up for April? If they've managed to fritter away their window to migrate to GNU/Linux, well they'll have fun in April.
  • Too Bad (Score:2, Funny)

    by Oysterville (2944937)
    Too bad Windows XP won't be supported much longer. Once that happens, it would be a...shame if something were to happen to that PC. If you upgrade to Windows 8, Microsoft will surely protect you.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Because your cellphone, tablet, or Macintosh enjoyed 13 years of support from initial release (and 7 years after being replaced by the next version).

    • I know it was supposed to be funny but this is in fact the reality we face. MS isn't going to support a 13 year old OS forever. Exploits will still be found after they stop supporting it. Conspiracy types will claim MS planted them but it would be even crazier if the last bug was patched on the day they cut support. That isn't going to happen.
      If you are using your system for professional work and it's still running XP it has paid for itself many times over. Upgrading is a cost of business. A responsible com

    • by Patch86 (1465427)

      I wonder idly how many zero-day exploits have been discovered by the bad guys and are being kept in the bank waiting for April. Are we going to see a sudden explosion of exploits mid next year, as everyone makes their move in the knowledge that security updates won't be forthcoming?

  • Gosh.... (Score:5, Insightful)

    by hazeii (5702) on Friday November 29, 2013 @05:56PM (#45557855) Homepage

    Oh, I see, a ramping-up of press releases about 'exploits' against XP prior to the cut-off date.

    Didn't see that coming.

  • by ReekRend (843787) on Friday November 29, 2013 @06:05PM (#45557905)
    Per TFA, this exploit is dumb and unconcerning. It just lets a standard user perform admin operations, no remote exploit of any kind. There have always been many ways for a standard user to get admin on any OS, the most trivial being physical access.
    • so all you need to do is use this to install that remote exploit app.

    • Truly remote exploits are getting rarer and rarer. These days it usually takes two (or more) exploits, an exploit to become a local user, and a permission escalation exploit to become admin.
    • by Anonymous Coward on Friday November 29, 2013 @09:30PM (#45558745)

      I don't know if you're joking, I suspect you are, but for the benefit of the following readers I'll explain.

      Here's how it works. User is tricked into accessing an infected pdf which contains code to elevate the user's privileges. The infected document's code downloads further exploits to root-kit the box. Right now the exploit is in a pdf, but infected websites are sure to follow.
      If it's out there, and it has a picture of a puppy (or, in the USA, the word "free"), some user will click on it.

      If you read the TFA, then you know it also is a Server 2003 bug as well.
      Privilege elevation exploits are a nightmare for Terminal Server and Citrix boxes because it is a conduit for installing tools (using the admin rights) to grab other users' credentials and to continue from there to own the entire environment.

  • by future assassin (639396) on Friday November 29, 2013 @07:01PM (#45558177) Homepage

    wipe windows and install Linux on the machine.

    • by DMJC (682799)
      All they need to do to make this happen is find a memory point in windows, where Linux can be injected so it overwrites the kernel and boots linux after enough of the root filesystem has been written to disk. I'm surprised no one has tried to do this before.
  • Man, I guess they were testing or something, but for a while, "slashdot.org" was redirecting to "beta.slashdot.org". All I could really make out was this "New Windows XP Zero-Day Under Attack" Headline and thought that something was wrong with either my PC or the site.

    But maan that new layout [slashdot.org] sucks balls. I hope they don't go through with it.
  • Server 2003 as well (Score:5, Informative)

    by Anonymous Coward on Friday November 29, 2013 @09:35PM (#45558775)

    Did the submitter RTFA, or just submit as soon as (s)he saw the words "XP exploit" somewhere?

    It's not mentioned, in the Slashdot article, but it's also a Server 2003 bug.
    https://technet.microsoft.com/en-us/security/advisory/2914486
    This means Server 2003 Terminal Servers and Citrix boxes.
