Results 1 to 4 of 4

Thread: Microsoft warns of zero-day XP kernel bug being exploited in the wild

  1. #1
    Join Date
    Apr 2003
    Posts
    13,269
    Rep Power
    34

    Default Microsoft warns of zero-day XP kernel bug being exploited in the wild

    Microsoft has gone public to warn about a zero-day vulnerability in the Windows XP kernel.

    Apparently, the bug, dubbed CVE-2013-5065, is being exploited in the wild, though details of exactly how, where, by whom and to what effect are not known.

    That makes it rather hard to decide exactly how to respond, but here's what we know so far:

    • The bug is in the NDPROXY.SYS driver, which co-ordinates the operation of Microsoft's Telephony API (TAPI).
    • The exploit doesn't allow remote code execution on its own, only an elevation of privilege (EoP).
    • The vulnerability exists in Windows XP and Server 2003 only.
    • No formal patch or Fixit has been published yet.
    • A simple registry tweak can immunise an XP computer against the vulnerability.
    • The registry tweak has some side-effects you need to know about.

    Even though EoP holes aren't directly exploitable by remote attackers, cybercriminals can combine an EoP with a conventional exploit, such as a drive-by malware attack against your browser or other content-rendering software.
    Read more: http://nakedsecurity.sophos.com/2013...d-in-the-wild/

    I feel seh MS resorting to these things to get people to come off XP yuh nuh. Last time, they released a security update that crippled a lot of XP systems.
    "The best software is the one that fits your needs." - A_A

    Virus free since: date unknown
    Anti-virus free since: August 2008

  2. #2
    Join Date
    Aug 2007
    Posts
    151
    Rep Power
    0

    Default

    I strongly agree, this is some plot by Microsoft to person to spend money to buy new operating system or PC
    My Web sites: Jamaica Weather: http://jaweather.com , Best Smart DNS Service: http://bestdnsservice-usa.com , Phone Unlocking & Iphone Chargers: http://iphone-charger.net , Live Soccer TV: http://live-soccer-tv.net

  3. #3
    Join Date
    Oct 2006
    Posts
    152
    Rep Power
    0

    Default

    If this was a plot by Microsoft it is not a good one since the issue also affects Server 2003 and server products have much longer support lifetimes. Wonder how long the NSA has been using this vulnerability...

  4. #4
    Join Date
    Feb 2003
    Posts
    3,184
    Rep Power
    0

    Default

    I went back to windows XP and chrome 5 - its faster than anything out today. zero lag. Skype doesn't work anymore on XP though. Of course they want every one to use Windows 8.1 - it business.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •