Microsoft confirmed a zero-day vulnerability in Windows XP and Windows Server 2003 is currently being exploited in active attacks. If you are still running XP, why don't you put a new computer on your wish list?

Originally reported by researchers at FireEye, the issue is an elevation-of-privilege flaw that allows an attacker to run arbitrary code in kernel mode. By exploiting this bug, an attacker could install additional programs, view or modify data, or create new administrator accounts on the computer, Microsoft said in its security advisory, released on Wednesday. Microsoft also said the attackers must first log in with valid account credentials to launch the exploit, and the vulnerability cannot be triggered remotely or by anonymous users.

"It is being abused in the wild in conjunction with an Adobe Reader vulnerability that had a fix published in August 2013," said Wolfgang Kandek, CTO of Qualys.

Users running outdated versions of Adobe Reader 9, 10, and 11 on Windows XP SP3, FireEye researchers Xiaobo Chen and Dan Caselden wrote on the company blog. Chen and Caselden recommended. Later versions of Windows are not affected.

Details of the Flaw

The issue lies in how the NDProxy.sys kernel component fails to properly validate input, Microsoft said. The driver interfaces WAN miniport drivers, call managers, and miniport call managers to the telephony API.

There is currently no patch available and Microsoft did not provide any details as to when the issue will be fixed. The advisory outlined steps to disable NDProxy as a workaround. Disabling this component will break telephony services, including Remote Access Service (RAS), dial-up networking, and virtual private networking (VPN).

XP Woes to Continue

With Microsoft ending support for Windows XP in April 2014, security experts are concerned attackers will step up the rate of attacks against the old operating system after the last patches are released. Microsoft claimed at the end of October that approximately 21 percent of users are still running Windows XP. After April, these users will no longer receive any updates, making them vulnerable to zero-day attacks.

FireEye's Chen and Caselden reiterated the recommendation to upgrade XP systems to Windows 7 or higher in their blog post. Microsoft has added a number of security features to the newer OS versions to block certain types of malware from executing. Because XP lacks these mitigation technologies, XP users are almost six times more likely to be infected with malware than Windows 8 users, Microsoft said last month.

Administrators should speed up plans to migrate the remaining systems to a newer operating system so that they are not at risk come April. Vendors such as Browsium have released products to help businesses locked into applications that require Internet Explorer 6 to run, and there are virtualization technologies available to run line-of-business applications that work only on XP.

Details for the workaround are available in the Microsoft advisory.
