Computer Security Technology Ltd


December 15, 2013

XP bug reminds users of threats to come

A zero-day exploit affecting XP and Server 2003 in December 2013 has given users a glimpse of what lies ahead when support for these products is discontinued by Microsoft.



Another month, another security threat to XP and Server 2003. Although Microsoft has announced that it is working on a fix for this particular bug, users have again been reminded that, after April next year, fixes for these products will no longer be distributed.


Elevation of privilege

The exploit is an elevation of privilege (EoP), meaning it isn’t dangerous by itself, but when used in conjunction with another vulnerability it could pose a threat. EoP allows attackers to gain access to resources which the user can’t usually get to.

Microsoft explained: "An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new account with full administrative rights."

Essentially, the attacker gains access to resources beyond what even an administrator could reach. In this particular case, the EoP is being used in conjunction with an Adobe Reader exploit, which targets versions 9.5.4, 10.1.6, 11.0.02 and earlier.



The best way to avoid falling victim to this exploit is to upgrade the computer’s operating system to any later version of Windows, especially given the April 2014 support deadline. Quite simply, attacks which occur after this date will not be Microsoft’s responsibility.

What is a zero-day attack?

A zero-day attack exploits a vulnerability before the developer of the software is aware of it. This leaves the vendor no time to address the weakness before attackers begin taking advantage. Knowledge of the exploit then spreads, leaving users susceptible to having their personal information or confidential data stolen.

Currently, the only known version of this exploit is triggered when a user opens a malicious PDF, which then drops a backdoor onto the system. It isn’t known whether the PDF is being delivered via an internet browser, email or in some other way, but users should avoid downloading or opening anything they do not recognise just to be sure.

Patched Adobe users should be fine, but anyone using XP or Server 2003 should seek advice regarding an upgrade, since attacks exploiting other program vulnerabilities may become more prevalent in the lead-up to Microsoft’s April 2014 support cut-off.

If you are not sure how to upgrade from XP, want to know if you are vulnerable, or require more information or assistance, then please contact us on 020 7621 7836 or email info@cstl.com. We are always keen to help.