Microsoft issues security alert for new Windows XP and Windows Server 2003 exploit

Microsoft is now less than five months away from cutting off support to Windows XP, but before that happens the company is still issuing new security alerts for the OS. The latest such advisory was issued earlier today and also affects Windows Server 2003.

Microsoft's Security Response Center blog has the details on the advisory, which is due to a local privilege escalation exploit that was first discovered by the FireEye research firm. FireEye states, "The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel."

Microsoft says that Windows XP and Server 2003 users must open a malicious PDF file to be affected by this new exploit. While Microsoft is working on a full patch that will permanently close this hole, it does recommend that users delete their NDProxy.sys file and reroute to Null.sys. The company has determined that this will be an effective workaround until a patch is released.

The blog adds, "We hope this doesn’t disrupt any holiday plans you may have, but we did want to provide you with actionable information to help protect your systems. We continue to monitor the threat landscape closely and will take appropriate action to help protect customers."

Source: Microsoft | Image via Microsoft

Report a problem with article
Previous Story

Neowin's favorite Black Friday 2013 tech and software sales

Next Story

Report outlines leading smartphone issues

34 Comments

Commenting is disabled on this article.

up till today i had a 80gb seagate HDD from 2005 and having to install windows 7 made me give C:\ almost half of my space in order for windows 7 to work properly, but today i got a 500gb seagate and now im using windows 7 and i advise people do the same, but some are restricted by their hardware, as i was, so you cant blame people who are not enthusiasts and use their computer for simple tasks and dont care if their computer is slow or unprotected

but yeah - windows 7 is the new xp, windows 8 is like a social experiment and only unsuspecting gunea pigs use it

XP is 12 years old. Windows Server 2003 is 10 years old. And they are still full of all these kind of bugs. Just guess, how many bugs are still in Windows 7 and 8, count also that those are exponentially more bloated than the XP. Well, thats how software industry works(??).

soder said,
XP is 12 years old. Windows Server 2003 is 10 years old. And they are still full of all these kind of bugs. Just guess, how many bugs are still in Windows 7 and 8, count also that those are exponentially more bloated than the XP. Well, thats how software industry works(??).

Um. Do you have a source? Because I have many that say and detail changes to Microsoft's development process that were designed to eliminate and secure more bugs and holes that came about during the development of Vista. Look up Trustworthy Computing.

Delmont said,
Dot, don't feed the troll

Indeed, its not that I am using their products since the NT4 days, so may have some clue how its progressing or degrading over the time..

soder said,

Indeed, its not that I am using their products since the NT4 days, so may have some clue how its progressing or degrading over the time..

Yeah, "using" is not an indicator of anything.

I thought the Trustworthy Computing initiative started during XP's day?
Hence the major fanfare of XP SP2 at the time.

soder said,

Indeed, its not that I am using their products since the NT4 days, so may have some clue how its progressing or degrading over the time..


Yeah MS sucks at security, thats why there's so much exploits and hacks out there for Windows 8.1 (if you go by current marketshare or sales numbers compared to lets say OSX, Linux or Android...)
And IE11 is ofc by far the worst secured browser of them all, WP8 is getting hacked all over the place.

Just try hacking Windows RT, or even 'jailbreaking' it without Microsoft's own help for starters.

Raa said,
I thought the Trustworthy Computing initiative started during XP's day?
Hence the major fanfare of XP SP2 at the time.

It did, but the initiative was for lack of a better term, "tacked on". Vista was the first pure OS developed with the Initiative front and center.

More than a decade and MS still could not fix all the holes. MS better make some security arrangement to stop ransom virus which is encrypting files. I got my Hackintosh up and running and feel much better than using Windows.

Auditor said,
More than a decade and MS still could not fix all the holes.

It would take many lifetimes to remove all the bugs from any operating system.

rfirth said,

It would take many lifetimes to remove all the bugs from any operating system.

which also includes those in win 8(.1)

Auditor said,
More than a decade and MS still could not fix all the holes. MS better make some security arrangement to stop ransom virus which is encrypting files. I got my Hackintosh up and running and feel much better than using Windows.


Um, you DO realize that security is a process and not a product, right?

Dot Matrix said,


Um, you DO realize that security is a process and not a product, right?


I just knew Norton Internet Security was a fake!

Shadowzz said,
And then the entire world moves to Hackintosh, then what smart guy?
Just as brainless as those Linux guys shouting everyone should go to them.

Nah, you don't worry about Hackintosh or Linux community and no one is forcing you to join those clubs either. You keep yourself busy with MS product and keep the security process rolling every Tuesday of the Month.

Auditor said,

Nah, you don't worry about Hackintosh or Linux community and no one is forcing you to join those clubs either. You keep yourself busy with MS product and keep the security process rolling every Tuesday of the Month.

At least I know Microsoft will be punctual with patches. I can prepare ahead of time in deploying them. The same can't be said about Apple's 200+MB patches.

Dot Matrix said,

At least I know Microsoft will be punctual with patches. I can prepare ahead of time in deploying them. The same can't be said about Apple's 200+MB patches.

Good for you then. I guess you can be prepared every Tuesday for some big download and knowing even after a patch there will be still unpatched holes in the system which will bring MS attention next month by that time millions of MS computer users will be infected by viruses. Enjoy your security process service by MS . I am fine to download once in a while 200 MB patch on my Hackintosh.

Auditor said,

Good for you then. I guess you can be prepared every Tuesday for some big download and knowing even after a patch there will be still unpatched holes in the system which will bring MS attention next month by that time millions of MS computer users will be infected by viruses. Enjoy your security process service by MS . I am fine to download once in a while 200 MB patch on my Hackintosh.


Cause linux is so safe.
http://www.debian.org/security/

Auditor said,
More than a decade and MS still could not fix all the holes. MS better make some security arrangement to stop ransom virus which is encrypting files. I got my Hackintosh up and running and feel much better than using Windows.

I hope you don't provide computing advice to anyone, because you clearly don't understand the first thing about computer security.

Every operating system is vulnerable to issues such as these, simply because there is absolutely nothing stopping them (Nor really should there be) from accessing stuff in the user's area.

Take for example a simple virus that simply enumerates the user's Documents folder and deletes everything it finds. There's no security vulnerability here in Windows, because nothing has been compromised. "But it's a virus" the ill-informed complain. Correct, it's malicious code, but it hasn't done anything to compromise the system as a whole, and it hasn't done anything a young child couldn't also do. Windows will not stop you from opening your Documents folder, pressing Ctrl+A and delete, because it's not Windows' job to second guess your actions all the time. There may be legitimate uses for this (A quick and nasty way of "cleaning" a computer in preparation for giving it away for example), so Windows should allow this to occur.

However, the same thing that allows you to delete all your personal documents also allows a program to do the same job on your behalf. Whether you intended the program to do it or not is also not Windows' responsibility to decide, it's your responsibility as the user whether or not you run said program in some fashion.

Now, to bring it back to Cryptolocker that you seem to think macos is safe from, news flash mate, it's just as vulnerable to this issue as Windows, as is Linux. If the damage it wants to do is limited to user accessible areas (Which in reality, is more than enough), then it doesn't need Administrator credentials, and it doesn't need to exploit anything in the operating system to deliver its payload, it simply requires someone unfortunate enough to be the victim.

See, Windows provides the safety measures by isolating users into their own accounts, so one user's data loss doesn't extend across all other users. It also protects itself by restricting the ability of a user to trash the whole system unintentionally (Well, modern Windows does, not Windows XP). Therefore, the damage a user, or a program acting on the user's behalf, by default, is restricted to that which the user already has access, and it is this ability that Cryptolocker exploits to do its damage.
Personally I'm surprised it's taken this long for this to be a big deal, because IMO, this is far more damaging than displaying annoying messages, stopping the computer from booting, or most other actions malware take. Data is so much more valuable than anything else, so when you mess with it, you're really attacking hard.

As for your "fix the holes" attack, good god, you really have no idea do you about how to write software, how complicated it is, and where so many potential bugs lie.

Edited by Ideas Man, Nov 30 2013, 1:05am :

I understand how software works. What you are explaining is virus infection due to user error. What we are talking here is fault or holes in windows OS. For example remote malicious code injection due to inherent security flaw in the OS architecture. There is no user input required in this case. Simply visiting a website and windows allowing the malicious code to run automatically is flaw in the system. User can't be blamed for everything.

I am not related to software industry but I have basic understanding of how program works. You need to understand what you are explaining such as use error to flaw in system architecture. I was talking about flaw in system architecture which are patched by MS. The recent SVCHOST bug in XP has nothing to do with user opening infected file but it is issue with the OS itself.

Yeah, Windows has those issues too, but I was addressing your original post, which is more geared towards Cryptolocker than what you're now addressing. Sure, the thread morphed into something else to combat other parts of your initial discussion, but the other half wasn't being addressed, so I addressed it.

Again, the other operating systems have similar issues that are less likely to be reported, due to their fringe uses, and other programs on Windows also provide those same avenues for exploitation (Think god awful Java, Adobe Flash/Reader, etc.). While Windows has issues on its own, other software can also be used to provide the same (Or worse) holes that Windows was once vulnerable to, simply due to their poorly coded nature, and worringly, they then transport that flaw across to other operating systems as they're ported.

Microsoft did a lot of work between Windows Vista and Windows XP to address a lot of this stuff, and a lot of it was major re-architectural coding to significantly strengthen Windows broadly (UAC for example, a big one). Most of these changes are not back-portable to Windows XP, nor should they, because they represent a leap in Windows OS design that warrants a whole new release of Windows. To whinge about issues in Windows XP, an operating system that was designed around the time the Internet was still exploding (And still in dial-up days for a long period of time), when Microsoft has addressed these in modern versions, is really quite sad.

The bugs have been fixed, mitigated, or mostly nullified, so your claim that changing to macos to protect against flaws in Windows XP, rather than upgrading to at least Windows 7, or Windows 8.1, makes no sense.

This is notable because the source specifically mentions that they "released Security Advisory 2914486 regarding a local elevation of privilege (EoP) issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue", so clearly, Microsoft did fix this issue in the last 10 years.

So really, what exactly was the point in your initial post again? Smells like trolling to me.

Instead of relying on Microsoft to "protect customers" people should be proactive and not use an antiquated 12+ year old operating system and live in the now. No exemption for businesses either, get with the times!

Nogib said,
Instead of relying on Microsoft to "protect customers" people should be proactive and not use an antiquated 12+ year old operating system and live in the now. No exemption for businesses either, get with the times!

Sheesh!

Would you get people get off your high horse and come up with something a little more original than that old a** line!

Because it's proven and reliable in a business environment, and still has the greater application support. Although I've yet to find any software compatible with 7 that doesn't also run in 8's desktop mode.

As much as I like Win 8/8.1, I can't deny 7 is still also a solid choice for business.