Microsoft has gone public to warn about a zero-day vulnerability in the Windows XP kernel.
Apparently, the bug, dubbed CVE-2013-5065, is being exploited in the wild, though details of exactly how, where, by whom and to what effect are not known.
That makes it rather hard to decide exactly how to respond, but here's what we know so far:
- The bug is in the NDPROXY.SYS driver, which co-ordinates the operation of Microsoft's Telephony API (TAPI).
- The exploit doesn't allow remote code execution on its own, only an elevation of privilege (EoP).
- The vulnerability exists in Windows XP and Server 2003 only.
- No formal patch or Fixit has been published yet.
- A simple registry tweak can immunise an XP computer against the vulnerability.
- The registry tweak has some side-effects you need to know about.
Source: http://nakedsecurity.sophos.com/201...ay-xp-kernel-bug-being-exploited-in-the-wild/