Skip to main content

Windows XP hit by new zero-day exploit

A new zero-day exploit affecting Microsoft Windows XP and Server 2003 has been found in the wild leading the security community to advise people to upgrade to Windows 7 or 8 right away.

FireEye Labs researchers Xiaobo Chen and Dan Caselden found the vulnerability and reported so on the company blog, confirming that it only affects systems that are running Windows XP and hackers are targeting the vulnerability.

"This local privilege escalation vulnerability is used in the wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability. The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit. Post exploitation, the shellcode decodes a PE payload from the PDF, drops it in the temporary directory, and executes it," the post stated.

The post recommended that to prevent being affected by the problem users should upgrade to both the latest version of Adobe Reader and Microsoft Windows 7 or higher.

Microsoft confirmed the existence of the vulnerability in Security Advisory [2914486] and also reminded customers to keep software as up-to-date as possible as well as to protect the PC in question using firewalls and antivirus software.

The movement behind persuading companies to upgrade from Windows XP is growing with SANS Internet Storm Center [ISC] issuing an advisory to the public.

“If you are still running Windows XP, there is no project on your list that is more important than migrating to Windows 7 or 8. The "never do what you can put off until tomorrow" project management approach on this is on a ticking clock, if you leave it until April comes you'll be migrating during active hostilities,” read the post.

Microsoft plans to remove support for Windows XP in April 2014 with this security advisory showing that many companies are still operating the 10-year-old OS.

Image Credit: Flickr (vibrant spirit)