A zero-day exploit affecting XP and Server 2003 in December 2013 has given users a glimpse of what lies ahead when support for these products is discontinued by Microsoft.
Although the software giant announced it was working on a fix for this particular security threat, users were reminded that, after April next year, patches and fixes for these products will no longer be distributed, leaving older systems vulnerable to attack.
Elevation of privilege
The exploit is an elevation of privilege (EoP), meaning it isn’t dangerous by itself but when used in conjunction with another vulnerability, it could pose a threat. EoP allows the attackers to gain access to resources which the user can’t usually get to.
Microsoft explained: “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new account with full administrative rights.”
Essentially, the attacker gains access to resources beyond what an administrator could. In this particular case, the EoP is being used in conjunction with an Adobe Reader exploit, which is targeting versions 9.5.4, 10.1.6, 11.0.02 and earlier.
The best way to avoid falling victim to this exploit is to upgrade the computer’s operating system to any later version of Windows, especially given the April 2014 support deadline. Quite simply, attacks which occur after this date will not be Microsoft’s responsibility.
What is a zero-day attack?
A zero-day attack is when a vulnerability is exploited by the hacker before the developer of the software is aware of it. This leaves the vendor no time to address the weakness before attackers begin taking advantage. Knowledge of the exploit is then spread around, leaving users susceptible to having their personal information or confidential data stolen.
Currently the only known version of this exploit causes an attack by opening a malicious PDF, which then drops in a backdoor into the system. It isn’t known if the PDF is being sent via an internet browser, email or in some other way, but users should obviously avoid downloading or opening anything they do not recognise just to be sure.
Patched Adobe users should be fine, but anyone using XP or Server 2003 should seek advice regarding an upgrade since other attacks exploiting other program vulnerabilities may become more prevalent in the lead up to Microsoft’s April 2014 support cut-off.