Microsoft recommends a workaround to block the exploit that takes advantage of a flaw detected in a Windows XP kernel component.

Microsoft is ending support for Windows XP on April 8, 2014, and until then it will continue to release security patches for the 12-year-old operating system. On Wednesday, the company published its latest security advisory on its official website, addressing a vulnerability discovered by researchers at FireEye, a member of the Microsoft Active Protections Program (MAPP).

The vulnerability lets attackers exploit a flaw in a component of the Windows XP (and Windows Server 2003) kernel to execute arbitrary code on the victim’s computer.

The attack, traces of which were found on the Internet, requires no user intervention to succeed. However, an attacker must have valid login credentials to exploit this vulnerability and can’t log on to the system remotely.

The elevation of privilege (EoP) vulnerability is exploited in combination with a vulnerability in Adobe Reader 9.5.4, 10.1.6, 11.0.02 and earlier on Windows XP SP3, when an infected PDF file is opened. The latest versions of Adobe software and the most modern Microsoft operating systems are immune to the problem.

In detail, the bug is in the kernel component NDProxy.sys, which doesn’t properly validate input data. This allows the execution of arbitrary code in kernel mode, and “an attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.”

Microsoft recommends that customers apply the workaround described in the advisory until a final patch is ready. To implement the workaround, follow these steps:

  1. From an elevated command prompt, execute the following commands:

    sc stop ndproxy
    reg add HKLM\System\CurrentControlSet\Services\ndproxy /v ImagePath /t REG_EXPAND_SZ /d system32\drivers\null.sys /f

  2. Restart the system.

Note: The workaround disables the ndproxy service (NDProxy.sys), which will affect certain dependent services such as Remote Access Service (RAS), dial-up networking, and virtual private networking (VPN).
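
The steps above as a single batch script, added here as an example and not taken from Microsoft's advisory. It saves the service key with `reg export` before changing it and reads `ImagePath` back afterwards; the script name `ndproxy-workaround.cmd` and the backup file name are assumptions.

```batch
@echo off
rem Added example (not from the advisory): back up, apply and verify the
rem NDProxy workaround. Run from an elevated command prompt.
rem BACKUP is a constructed file name; change it as needed.
setlocal
set KEY=HKLM\System\CurrentControlSet\Services\ndproxy
set WANT=system32\drivers\null.sys
set BACKUP=%SystemDrive%\ndproxy-backup.reg

rem "ndproxy-workaround.cmd check" only verifies and changes nothing.
if /i "%~1"=="check" goto check

rem 1. Save the current service key so it can be restored with "reg import".
if exist "%BACKUP%" (
    echo Backup %BACKUP% already exists, keeping it.
) else (
    reg export %KEY% "%BACKUP%" >nul
    if errorlevel 1 (
        echo [FAIL] could not export %KEY%, nothing changed.
        exit /b 2
    )
)

rem 2. The two commands from the workaround.
sc stop ndproxy >nul
reg add %KEY% /v ImagePath /t REG_EXPAND_SZ /d %WANT% /f >nul
if errorlevel 1 (
    echo [FAIL] could not write ImagePath.
    exit /b 2
)

:check
rem 3. Read ImagePath back. The default "for /f" delimiters are space and
rem    tab, so token 3 is the data whichever separator reg.exe prints.
set IMG=
for /f "tokens=3" %%A in ('reg query %KEY% /v ImagePath 2^>nul ^| findstr /i /c:"ImagePath"') do set IMG=%%A
if /i not "%IMG%"=="%WANT%" (
    echo [FAIL] ImagePath is "%IMG%", expected "%WANT%".
    exit /b 1
)
echo [OK] ImagePath is %WANT%. Restart the system to complete the workaround.
rem Current driver state, printed for the operator's information only.
sc query ndproxy | findstr /i /c:"STATE"
exit /b 0
```

Run with the `check` argument, the script exits with code 1 on any machine where the workaround is not in place, which makes it usable from a logon or inventory script. To undo the change, import the backup file with `reg import` and restart.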

As always, it’s good to avoid unsafe websites, use firewalls and antivirus software, and keep them updated to the latest version. As Windows XP’s retirement is approaching, it would be better to install a modern operating system such as Windows 7 or Windows 8.1.

1 COMMENT

  1. This would be hilarious if not tragic. As a home user of XP64, I stopped installing “security updates” a long time ago. They are junk.

    I have had more meltdowns during or after allowing my custom built high end work station update via Microsoft than any other single scenario. Just don’t install their foolish fixes for their junk software, practice solid defensive use of the net etc, and carry on beautifully without the insult of spinning icons. And oh yeah, dump Internet Explorer (they still make that?) Outlook, Windows Media Player, and Office for Firefox, Thunderbird, Winamp, and Sun Open Office.
