Friday, 29 November 2013

Firms urged to ditch Windows XP after zero-day attack discovered in the wild

A zero-day vulnerability in Microsoft's Windows XP and Server 2003 has been discovered and is being actively targeted by hackers, leading to fresh calls for businesses to move to newer Windows versions sooner rather than later.
FireEye researchers Xiaobo Chen and Dan Caselden reported uncovering the vulnerability in a blog post, confirming that it only affects Windows XP systems.
"FireEye Labs has identified a new Windows local privilege escalation vulnerability in the wild. The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP," read the post.
The researchers confirmed evidence that the vulnerability is being actively targeted by hackers. "This local privilege escalation vulnerability is used in the wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability," read the post.
"The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit. Post exploitation, the shellcode decodes a PE payload from the PDF, drops it in the temporary directory, and executes it."
Microsoft Trustworthy Computing (TwC) group manager for incident response communications Dustin Childs confirmed the company is aware of the issue and is working on a fix. In the interim, he recommended that XP users apply a temporary workaround. "While we are actively working to develop a security update to address this issue, we encourage customers running Windows XP and Server 2003 to deploy the following workarounds," he said.
"Delete NDProxy.sys and reroute to Null.sys. For environments with non-default, limited user privileges, Microsoft has verified that the following workaround effectively blocks the attacks that have been observed in the wild."
The zero-day vulnerability's discovery has led to fresh calls within the security community for XP users to update their systems to run newer Windows versions. The SANS Internet Storm Center (ISC) issued a public advisory, warning XP users the new vulnerability is only the tip of the iceberg.
"The real story here isn't the zero day or the workaround fix, or even that Adobe is involved. The real story is that this zero day is just the tip of the iceberg. Malware authors today are sitting on their XP zero-day vulnerabilities and attacks, because they know that after the last set of hotfixes for XP is released in April 2014," read the ISC post.
"If you are still running Windows XP, there is no project on your list that is more important than migrating to Windows 7 or 8. The 'never do what you can put off until tomorrow' project management approach on this is on a ticking clock, if you leave it until April comes you'll be migrating during active hostilities."
Microsoft is set to officially cut support for its decade-old Windows XP operating system in April 2014. Despite the looming cut-off, widespread reports suggest many companies have still not begun migrating their systems to newer versions of Windows, although some firms are now on this path.
