Post by sherlew99 on Nov 28, 2013 15:11:30 GMT -6
Microsoft warns of zero-day XP kernel bug being exploited in the wild
by Paul Ducklin on November 28, 2013
Apparently, the bug, dubbed CVE-2013-5065, is being exploited in the wild, though details of exactly how, where, by whom and to what effect are not known.
That makes it rather hard to decide exactly how to respond, but here's what we know so far:
The bug is in the NDPROXY.SYS driver, which co-ordinates the operation of Microsoft's Telephony API (TAPI).
The exploit doesn't allow remote code execution on its own, only an elevation of privilege (EoP).
The vulnerability exists in Windows XP and Server 2003 only.
No formal patch or Fixit has been published yet.
A simple registry tweak can immunise an XP computer against the vulnerability.
The registry tweak has some side-effects you need to know about.