
SANS ISC InfoSec Forums: Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel 0 day exploit in wild



FireEye posted a story earlier today outlining a zero day affecting XP and Windows 2003:
http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html

Microsoft has followed it up with a matching post:
Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege:
https://technet.microsoft.com/en-us/security/advisory/2914486

Note that the temporary fix outlined breaks some Windows features, specifically some IPsec VPN functions.

The real story here isn't the zero day or the workaround fix, or even that Adobe is involved. The real story is that this zero day is just the tip of the iceberg. Malware authors today are sitting on their XP zero day vulnerabilities and attacks, because they know that after the last set of hotfixes for XP is released in April 2014 (which we're now officially calling "WinMageddon"), their exploits will work forever against hundreds of thousands (millions?) of XP workstations. ( http://windows.microsoft.com/en-us/windows/lifecycle )

If you are still running Windows XP, there is no project on your list that is more important than migrating to Windows 7 or 8. The "never do what you can put off until tomorrow" project management approach on this is on a ticking clock; if you leave it until April comes, you'll be migrating during active hostilities.

===============
Rob VandenBrink
Metafore

Rob VandenBrink

458 Posts
ISC Handler
"Malware authors today are sitting on their XP zero day vulnerabilities and attacks, because they know that after the last set of hotfixes for XP is released in April 2014"

Is there any evidence we can use to show that, or is it still just opinion that some malware authors are sacrificing opportunities to exploit zero days in order to wait until they won't be patched?

"If you are still running Windows XP, there is no project on your list that is more important than migrating to Windows 7 or 8."

Completely eradicating the presence of XP may be easier said than done.
Old hardware still in use that can't run Vista or newer --- the sudden cost will be difficult to justify.

Then there are the folks who may occasionally plug a personal laptop in; fact is, we need the attitude that "Windows XP just works" to go away, first.
Mysid

146 Posts
Not including DOS, 3.X to 3.11 there has not been one Microsoft product that has not experienced a host of upgrades, SP as will Windows 7, 8 given their same saturation rate. Billionaire and Bill Gates have the same first 4 letters not by mistake!

What was once "no issues with OSx" negative ghost rider or Droid et al. Fact is, software is nothing but sequential links of a chain waiting for failure; anyone who thinks differently needs to stick to pen/pencil or paper.
ICI2I

62 Posts
Just a comment on cost to upgrade hardware in support of XP replacement. Any IT Director/Manager worth his/her salt will have already planned for this eventuality.
Anonymous