new microsoft application security problem
DESCRIPTION
A zero-day attack on Microsoft XP has been discovered, emphasising the need for businesses to be using the latest software to prevent data loss. http://www.storetec.net/news-blog/new-microsoft-application-security-problem.TRANSCRIPT
New Microsoft Application Security Problem
Facebook.com/storetec
Storetec Services Limited
@StoretecHull www.storetec.net
A zero-day attack on Microsoft XP has been discovered, emphasising the need for businesses to be using the latest software to prevent data loss.
Having warned its users about the potential for such attacks at the beginning of November, Microsoft is working on the problem and has released suggestions for users that have been affected.
FireEye researchers Xiaobo Chen and Dan Caselden reported uncovering the vulnerability in one of their blog posts and have stated that the attack will only affect those using XP.
They said: "The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel.“
Dustin Childs, Microsoft Trustworthy Computing group manager for incident response communications, offered customers a temporary solution: "Delete NDProxy.sys and reroute to Null.sys. For environments with non-default, limited user privileges, Microsoft has verified that the following workaround effectively blocks the attacks that have been observed in the wild."
The attack also affects those who are using Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior. Such users are strongly advised to update to the most recent version. Users running the most recent version will not be affected by this security threat.
This security scare has led to the SANS Internet Storm Centre issuing a plea for users to run the most recent version of software. It warns that this security breach is just "the tip of the iceberg" and said that no task was more urgent than to migrate to Windows 7 or 8 as soon as possible.
The final set of hotfixes for Windows XP is expected in April 2014, and therefore after that date malware authors know that their exploits will wreak havoc against an unprecedented number of XP users. Any XP users attempting to upgrade after this date will do so the software is especially vulnerable to attacks, putting the security of their data at an even higher risk.
Storetec News/Blogs."http://www.storetec.net/news-blog/new-microsoft-application-security-problem". New Microsoft
application security problem. November 29, 2013. Storetec.