If you’re one of the many people still running Windows XP on your computer, be on your guard.
Microsoft has issued a warning about a previously unknown and unpatched exploit in Windows XP, that cybercriminals are actively exploiting to infect computers.
According to the firm, the vulnerability (dubbed CVE-2013-5065) is in Microsoft Windows Kernel and “could allow elevation of privilege” in Windows XP and Windows Server 2003. Other versions of Windows are said not to be affected.
The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Yeowwch!
Security firm FireEye says that they have seen the Kernel exploit being used in PDF-based attacks, utilising a vulnerability in unpatched versions of Adobe Reader.
My advice? Accelerate your plans to switch from Windows XP to a more modern operating system as soon as possible. After April 2014, Microsoft won’t be issuing any more security fixes for the platform – so you’re potentially sitting on a time bomb.
Of course, chances are that you won’t be able to upgrade your computer’s OS this Thanksgiving weekend, so maybe – while you’re waiting for a proper patch from Microsoft – follow their advice about the Registry changes you can make to nullify this particular threat.
Also, make sure that your installations of Adobe Reader are being kept up-to-date as, so far, that appears to be the main vector for this particular exploit.
Stay safe.
I think a great way for cash-strapped XP users to mitigate their risk is to move to an appropriate Linux distribution. I wiped XP from several machines last year, and re-built like this resulting in some very happy users that didn't have to get new hardware.
Provided they keep their new installations patched, of course, it's a turn-key free solution for an awful lot of XP hangouts to come back to the land of the living. Not all, but a lot.
Graham, I know you can't endorse one OS over another in your professional capacity, but don't you think that if people knew they could do this, we could lose a lot of risky boxes?