Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel 0 day exploit in wild

Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel 0 day exploit in wild
Fireeye posted a story earlier today outlining a zero day affecting XP and Windows 2003: http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html Microsoft has followed it up with a matching post: Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege: https://technet.microsoft.com/en-us/security/advisory/2914486 Note that the temporary fix outlined breaks some windows features, specifically some IPSEC VPN functions. The real story here isn't the zero day or the workaround fix, or even that Adobe is involved. The real story is that this zero day is just the tip of the iceberg. Malware authors today are sitting on their XP zero day vulnerabilities and attacks, because they know that after the last set of hotfixes for XP is released in April 2014 (which we're now officially calling "WinMageddon"), that their exploits will work forever against hundreds of thousands (millions?) of XP workstations. ( http://windows.microsoft.com/en-us/windows/lifecycle ) If you are still running Windows XP, there is no project on your list that is more important than migrating to Windows 7 or 8. The "never do what you can put off until tomorrow" project management approach on this is on a ticking clock, if you leave it until April comes you'll be migrating during active hostilities. =============== Rob VandenBrink Metafore	Rob VandenBrink 542 Posts ISC Handler Nov 28th 2013
Subscribe	Nov 28th 2013 6 years ago
"Malware authors today are sitting on their XP zero day vulnerabilities and attacks, because they know that after the last set of hotfixes for XP is released in April 2014" Is there any evidence, we can use to show that, or is it still just opinion that some malware authors are sacrificing opportunities to exploit zero days; in order to wait, until they won't be patched? "If you are still running Windows XP, there is no project on your list that is more important than migrating to Windows 7 or 8. " Completely eradicating the presence of XP may be easier said than done. Old hardware still in use that can't run Vista or newer --- the sudden cost will be difficult to justify. Then there are the folks who may occassionally plug a personal laptop in; fact is, we need the attitude that "Windows XP just works" to go away, first.	Mysid 146 Posts
Quote	Nov 28th 2013 6 years ago
Not including DOS, 3.X to 3.11 there has not been one Microsoft product that has not experienced a host of upgrades, SP as will Windows 7, 8 given their same saturation rate. Billionaire and Bill Gates have the same first 4 letters not by mistake! What was once "no issues with OSx" negative ghost rider or Droid et al. Fact is, software is nothing but a sequential links of a chain waiting for failure, anyone who thinks differently needs to stick to pen/pencil or paper.	ICI2I 63 Posts
Quote	Nov 28th 2013 6 years ago
Just a comment on cost to upgrade hardware in support of XP replacement. Any IT Director/Manager worth his/her salt will have already planned for this eventuality.	ICI2I 4 Posts
Quote	Dec 2nd 2013 6 years ago

Fireeye posted a story earlier today outlining a zero day affecting XP and Windows 2003:
http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html

Microsoft has followed it up with a matching post:
Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege:
https://technet.microsoft.com/en-us/security/advisory/2914486

Note that the temporary fix outlined breaks some windows features, specifically some IPSEC VPN functions.

The real story here isn't the zero day or the workaround fix, or even that Adobe is involved. The real story is that this zero day is just the tip of the iceberg. Malware authors today are sitting on their XP zero day vulnerabilities and attacks, because they know that after the last set of hotfixes for XP is released in April 2014 (which we're now officially calling "WinMageddon"), that their exploits will work forever against hundreds of thousands (millions?) of XP workstations. ( http://windows.microsoft.com/en-us/windows/lifecycle )

If you are still running Windows XP, there is no project on your list that is more important than migrating to Windows 7 or 8. The "never do what you can put off until tomorrow" project management approach on this is on a ticking clock, if you leave it until April comes you'll be migrating during active hostilities.

===============
Rob VandenBrink
Metafore

Rob VandenBrink

542 Posts
ISC Handler

Nov 28th 2013

"Malware authors today are sitting on their XP zero day vulnerabilities and attacks, because they know that after the last set of hotfixes for XP is released in April 2014"

Is there any evidence, we can use to show that, or is it still just opinion that some malware authors are sacrificing opportunities to exploit zero days; in order to wait, until they won't be patched?

"If you are still running Windows XP, there is no project on your list that is more important than migrating to Windows 7 or 8. "

Completely eradicating the presence of XP may be easier said than done.
Old hardware still in use that can't run Vista or newer --- the sudden cost will be difficult to justify.

Then there are the folks who may occassionally plug a personal laptop in; fact is, we need the attitude that "Windows XP just works" to go away, first.

Mysid

146 Posts

Not including DOS, 3.X to 3.11 there has not been one Microsoft product that has not experienced a host of upgrades, SP as will Windows 7, 8 given their same saturation rate. Billionaire and Bill Gates have the same first 4 letters not by mistake!

What was once "no issues with OSx" negative ghost rider or Droid et al. Fact is, software is nothing but a sequential links of a chain waiting for failure, anyone who thinks differently needs to stick to pen/pencil or paper.

ICI2I

63 Posts

Just a comment on cost to upgrade hardware in support of XP replacement. Any IT Director/Manager worth his/her salt will have already planned for this eventuality.

ICI2I
4 Posts