Microsoft Issue Warning over New Security Bug

Posted by on Nov 29, 2013 in Uncategorized | 0 comments

Microsoft Issue Warning over New Security Bug

Microsoft has issued a security warning about a recently discovered computer bug in older version of their Windows XP that could let attackers remotely take over a computer. This security vulnerability affects both Microsoft Windows XP and Microsoft Windows Server 2003 and it is currently being actively exploited by cyber-thieves, it said.

Microsoft has taken the unusual step of issuing a temporary workaround that closes the loophole in their software. We advise any users to ensure their software is up to date and secure.

However, they acknowledged that applying this fix could possibly break some Windows functions that people regularly use.

A picuture of an insect on an enter key closeup

Security firm FireEye has been credited with finding the Windows XP bug that lets an attacker piggyback on an already known security flaw in some older versions of Adobe Reader. Via the Adobe bug, the FireEye researchers found evidence that attackers were able to “escalate” the access they were granted to the system to eventually allow them to install their own malicious code.

Microsoft said it was aware of “limited, targeted” attacks using the combined bug to attack PCs.

Microsoft has issued advice to customers saying they should turn off some system services to stop the attack working. It warned however, that turning off the vulnerable service could shut down some widely used networking functions including the ability to access a machine over the net or use a PC to work remotely over a virtual private network (VPN).

Microsoft are said to be working on a comprehensive security fix for the loophole and they have said that they hope to include this in a future security update via Windows Update.

Although Windows XP has been superseded by versions 7 and 8 of Microsoft’s flagship operating system, the older software is still widely used in both the UK and overseas, especially in the emerging markets. Recent market research figures suggests about one-third of PCs globally still run Microsoft XP.

FireEye have also advised that some users have reported that once they upgrade to the latest version of Adobe Reader, they are no longer vulnerable to the combined attack.


Comments are closed.