Fresh Microsoft Windows XP Flaw Exploited In Targeted Attacks

Microsoft has warned of a newly-discovered flaw affecting Windows XP, which allows anyone running in a standard user account to execute code in the operating system’s kernel.

Attacks have already been seen in the wild, as hackers used the vulnerability alongside an already-patched Adobe Reader flaw, so this qualifies as a so-called zero-day attack. The exploits targeted Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3.

Windows XP zero-day threat

“We are aware of limited, targeted attacks that attempt to exploit this vulnerability,” Microsoft said in its advisory.

“Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003.

“The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.”

Microsoft hasn’t said whether it will issue a full fix in one of its regular Patch Tuesday bulletins or in an out-of-band release.

It has offered a number of workarounds, which can be viewed on Microsoft’s advisory here.

Soon, Microsoft won’t need to offer updates for Windows XP, as support ends on 8 April 2014. XP users have been warned they will find themselves considerably more vulnerable after that date.

“I find it interesting to see an XP zero-day released as we’re approaching end of support,” Tory Hunt, software architect and Microsoft Most Valuable Professional for developer security, told TechWeekEurope.

“Just over four months from now and you may not see any support to patch this and it being far more effective. It’s a timely reminder that running a 12-year old OS will bite you and it’s about to get a whole lot worse when support ends.”

Are you a security guru? Try our quiz!