  1. #1



    Hackers find first post-retirement Windows XP-related vulnerability

    No surprises here.

    Source: Computer World

    Microsoft on Saturday told customers that cyber-criminals are exploiting an unpatched and critical vulnerability in Internet Explorer (IE) using "drive-by" attacks.

    According to Microsoft, the attacks have been launched against IE users tricked into visiting malicious websites. Such attacks, dubbed "drive-bys," are among the most dangerous because a vulnerable browser can be hacked as soon as its user surfs to the URL.

    All currently-supported versions of IE are at risk, Microsoft said, including 2001's IE6, which still receives patches on Windows Server 2003. The same browser will not be repaired on Windows XP, as the operating system was retired from patch support on April 8.

    The IE flaw was the first post-retirement bug affecting XP.

    And that's important.

    Because Microsoft will eventually patch the drive-by bug in IE6, IE7 and IE8, then deliver those patches to PCs running Windows Vista and Windows 7, it's likely that hackers will be able to uncover the flaw in the browsers' code, then exploit it on the same browsers running on Windows XP.

    Microsoft said that was the biggest risk of running XP -- and IE on it -- after the operating system was retired, claiming last year that XP was 66% more likely to be infected with malware once patching stopped.

    Windows XP users can make it more difficult for attackers to exploit the IE bug by installing the Enhanced Mitigation Experience Toolkit (EMET) 4.1, an anti-exploit utility available on Microsoft's website.

    The security advisory included other steps customers can take to reduce risk. Among them is to "unregister" the vgx.dll file. That .dll (for dynamic-link library) is one of the modules that renders VML (vector markup language) within Windows and IE.

    Another way Windows XP users can avoid IE-based attacks is to switch to an alternate browser, like Google's Chrome or Mozilla's Firefox. Both will continue to receive security updates for at least the next 12 months.

  2. 2 Thanks to Arthur:

    LosOjos (28th April 2014), mark (28th April 2014)

  3. #2

    LosOjos's Avatar
    Makes the 6 hours I spent getting my Mom's old PC upgraded to a point it could take Windows 8 yesterday afternoon seem worth it, thanks for sharing!

  4. #3

    CESIL's Avatar
    And this warning comes from Microsoft who really want people to buy their latest OS to which end a scare story will help... Hmmm
    I notice MS don't point out that users can avoid the problem by not using IE, an application that nobody I know has used for years.
    Oh and before anybody says it, I am not suggesting users shouldn't upgrade, just that they shouldn't be frightened into doing it.

    To paraphrase Michael Moore,
    "Welcome to the world of....BOOOO!"

  5. #4

    Maybe I can use this to push through getting the last few XP machines here upgraded...

  6. #5

    X-13's Avatar
    Quote Originally Posted by caffrey View Post
    Maybe I can use this to push through getting the last few XP machines here upgraded...
    That's what I've just done.

    TBF, it's only ONE machine...

  7. #6

    LosOjos's Avatar
    Quote Originally Posted by CESIL View Post
    And this warning comes from Microsoft who really want people to buy their latest OS to which end a scare story will help... Hmmm
    I notice MS don't point out that users can avoid the problem by not using IE, an application that nobody I know has used for years.
    Oh and before anybody says it, I am not suggesting users shouldn't upgrade, just that they shouldn't be frightened into doing it.

    To paraphrase Michael Moore,
    "Welcome to the world of....BOOOO!"
    Very true, it does stink that they're going to push an IE update to 2003 but not XP - it's the same piece of software! To my mind, support for XP has ended, not IE, but that said there really is no [good] excuse to hang on to XP at this stage.

  8. #7

    Dos_Box's Avatar
    Playing devil's advocate here, but those who would seek to exploit XP have most likely been sitting on any zero day exploits they have figured out, safe in the knowledge they can run with them the minute support for XP ends. This comes as no surprise to me tbh.
    And c'mon, it's a 13-year-old O/S, it had to be cut off at some point.

  9. Thanks to Dos_Box from:

    ICTDirect_Dave (28th April 2014)

  10. #8
    free780's Avatar
    I wouldn't dare still use XP. Non-technical users seem to find these drive-by sites/Java exploits/Flash exploits etc. IE10/IE11 enhanced protected mode seems to be the way to go. MS could just offer a cheap upgrade, like Apple. £20-30 to go to Win 8.1 for home users.

  11. #9


    Quote Originally Posted by CESIL View Post
    I notice MS don't point out that users can avoid the problem by not using IE
    I wouldn't expect them to. That would be like Google telling people to use Firefox when there's a vulnerability found in Chrome. Not gonna happen!

    Quote Originally Posted by CESIL View Post
    I am not suggesting users shouldn't upgrade, just that they shouldn't be frightened into doing it.
    How else would you get XP users to upgrade? There aren't really any other options at this stage.

  12. #10

    JJonas's Avatar

  13. #11
    ronanian's Avatar
    So, how about practical discussion of how to protect our networks?

    Create \\server\share\unregvgx.bat (or .cmd or whatever you like) containing this:
    "%SystemRoot%\System32\regsvr32.exe" -u -s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

    You all know where to get psexec: http://live.sysinternals.com/psexec.exe -- run this command:
    psexec -h -u domain\adminUserName \\* \\server\share\unregvgx.bat

    Quick and dirty and gets it out there to everything that's already booted up and listed in Active Directory. Also add \\server\share\unregvgx.bat to startup and login scripts. There are other ways to do all of this that are more refined but I like quick and dirty for stuff like this.

    Thoughts? Will that suffice to protect my network until Microsoft releases a patch?
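
A check to run after the unregister script in the post above, as an added example that is not part of ronanian's post: it lists any COM class whose in-process server is still vgx.dll and exits non-zero if one remains. It assumes Windows PowerShell 2.0 or later on the target and that a registered vgx.dll appears as an InprocServer32 value under the machine-wide CLSID keys; the function name Get-VgxRegistration is made up for this example.

```powershell
# Added example (not from the thread): report whether vgx.dll is still
# registered as a COM in-process server on the local machine.
# Assumption: Windows PowerShell 2.0 or later is available on the target.

function Get-VgxRegistration {
    # Machine-wide COM class roots: native view, plus the 32-bit view that
    # exists only on 64-bit Windows.
    $roots = @(
        'HKLM:\SOFTWARE\Classes\CLSID',
        'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID'
    ) | Where-Object { Test-Path $_ }

    foreach ($root in $roots) {
        foreach ($clsid in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $inproc = $null
            try {
                $inproc = $clsid.OpenSubKey('InprocServer32')
                if ($inproc -eq $null) { continue }   # class has no in-process server
                # Default value = DLL path; GetValue() expands REG_EXPAND_SZ.
                $server = [string]$inproc.GetValue('')
            } catch {
                continue                              # unreadable key: skip it
            } finally {
                if ($inproc) { $inproc.Close() }
            }
            # Match on the file name only, so a non-default path is still caught.
            if ($server -match '(^|\\)vgx\.dll"?\s*$') {
                New-Object PSObject -Property @{
                    Computer   = $env:COMPUTERNAME
                    Clsid      = $clsid.PSChildName
                    Server     = $server
                    FileExists = Test-Path -LiteralPath $server.Trim('"', ' ')
                }
            }
        }
    }
}

$found = @(Get-VgxRegistration)
if ($found.Count -gt 0) {
    $found | Format-Table Computer, Clsid, Server, FileExists -AutoSize
    Write-Output "vgx.dll is STILL registered ($($found.Count) class entries)."
    exit 1
}
Write-Output "No COM class on $env:COMPUTERNAME points at vgx.dll."
exit 0
```

A FileExists value of True alongside no remaining class entries is the expected end state: unregistering removes the COM registration and leaves the DLL on disk.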

  14. #12
    ronanian's Avatar
    One other question: What is the actual exploit being used for? What kind of damage/payload are we looking at?

    Is there a known example of the exploit I can test against, as in a URL I can go to and see if I get infected?

  15. #13

    I went one step further and just put a file restriction policy on iexplore.exe on the XP machines; we are Chrome users here, so no need for it.

  16. #14


    One final patch for XP?

    Emergency patch for critical IE 0-day throws lifeline to XP laggards, too « Ars Technica

    Microsoft has released an emergency update for all recent Windows operating systems—including the recently decommissioned XP—fixing a critical security bug that is currently being exploited in real-world attacks.

    The decision to patch XP underscores the potential seriousness of the vulnerability. Since it resides in versions 6 through 11 of Internet Explorer, the remote code-execution hole leaves an estimated 26 percent of Internet browsers susceptible to attacks that can surreptitiously install hacker-controlled backdoors when users visit a booby-trapped website. By some measures, 28 percent of the Web-using public continues to use the aging OS, which lacks crucial safety protections built into Windows 7 and 8.1. Thursday's release demonstrates the razor-thin tightrope Microsoft walks as it tries to wean users off a platform it acknowledges is no longer safe against modern hacks. While the XP fix may deprive some laggards of the incentive to upgrade, Microsoft also has a responsibility to prevent exploits that could turn large numbers of the Internet population into compromised platforms that attack others.
    Quote Originally Posted by ronanian View Post
    Will that suffice to protect my network until Microsoft releases a patch?
    Although the patch is available now, disabling/uninstalling Flash Player and/or installing EMET would have prevented the attack from working according to FireEye.

    Mitigation
    Using EMET may break the exploit in your environment and prevent it from successfully controlling your computer. EMET versions 4.1 and 5.0 break (and/or detect) the exploit in our tests.

    Enhanced Protected Mode in IE breaks the exploit in our tests. EPM was introduced in IE10.

    Additionally, the attack will not work without Adobe Flash. Disabling the Flash plugin within IE will prevent the exploit from functioning. (Source)
    Last edited by Arthur; 1st May 2014 at 07:44 PM.

  17. #15
    free780's Avatar
    M$ shouldn't have done that. How on earth will we get rid of XP?
