Microsoft recommends a workaround to block an exploit that takes advantage of a flaw in a Windows XP kernel component.
Microsoft is ending support for Windows XP on April 8, 2014, and until then it will continue to release security patches for the 12-year-old operating system. On Wednesday, it published a new security advisory on its official website addressing a vulnerability discovered by researchers at FireEye, a member of the Microsoft Active Protections Program (MAPP).
The vulnerability lets attackers exploit a flaw in a kernel component of Windows XP (and Windows Server 2003) to execute arbitrary code on the victim’s computer.
The attack, traces of which were found on the Internet, requires no user intervention. However, an attacker must have valid login credentials to exploit this vulnerability and cannot log on to the system remotely.
The elevation-of-privilege (EoP) vulnerability is exploited in combination with a vulnerability in Adobe Reader 9.5.4, 10.1.6, 11.0.02 and earlier on Windows XP SP3, triggered by opening an infected PDF file. The latest versions of Adobe's software and more modern Microsoft operating systems are not affected by the problem.
In detail, the bug is in the kernel component NDProxy.sys, which doesn’t properly validate input data. This allows arbitrary code to be executed in kernel mode, and “an attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.”
Microsoft recommends that customers apply the workaround described in the advisory until a final patch is ready. To implement the workaround, follow these steps:
- From an elevated command prompt, execute the following commands:

      sc stop ndproxy
      reg add HKLM\System\CurrentControlSet\Services\ndproxy /v ImagePath /t REG_EXPAND_SZ /d system32\drivers\null.sys /f

- Restart the system.
Note: The workaround disables the ndproxy service (NDProxy.sys), which will affect certain dependent services such as Remote Access Service (RAS), dial-up networking, and virtual private networking (VPN).
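To confirm that the workaround took effect after the restart, the batch script below reads back the registry value and service state that the steps above change. It is an added example, not part of Microsoft's advisory; it assumes English-language `reg` and `sc` output, and the variable names are illustrative.

```batch
@echo off
rem Added example (not from Microsoft's advisory): verify the NDProxy workaround.
rem Assumption: reg.exe and sc.exe produce English-language output.
setlocal
set "KEY=HKLM\System\CurrentControlSet\Services\ndproxy"
set "WANT=system32\drivers\null.sys"
set "IMAGEPATH="
set "STATE="

rem The value line looks like: ImagePath  REG_EXPAND_SZ  system32\drivers\null.sys
for /f "tokens=1,2,*" %%A in ('reg query "%KEY%" /v ImagePath 2^>nul') do (
    if /i "%%A"=="ImagePath" set "IMAGEPATH=%%C"
)

rem The state line looks like: STATE  :  1  STOPPED
for /f "tokens=1-4" %%A in ('sc query ndproxy 2^>nul') do (
    if /i "%%A"=="STATE" set "STATE=%%D"
)

if not defined IMAGEPATH (
    echo [FAIL] Could not read ImagePath under %KEY%
    exit /b 2
)
echo ImagePath     = %IMAGEPATH%
echo Service state = %STATE%

rem The workaround counts as applied only if the driver path is redirected.
if /i not "%IMAGEPATH%"=="%WANT%" (
    echo [FAIL] ImagePath is not %WANT%; the workaround is not applied.
    exit /b 1
)

rem A redirected path with a running service means the restart is still pending.
if /i "%STATE%"=="RUNNING" (
    echo [WARN] ImagePath is redirected, but ndproxy is still running. Restart the system.
    exit /b 1
)

echo [OK] ndproxy is redirected to null.sys and is not running.
exit /b 0
```

The exit code (0 applied, 1 not applied or restart pending, 2 key unreadable) lets the script be run from a logon script or management tool to find machines that still need the workaround.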
As always, it is good practice to avoid unsafe websites and to use a firewall and antivirus software, keeping them updated to the latest version. With Windows XP’s retirement approaching, it would be better to install a modern operating system such as Windows 7 or Windows 8.1.