If you’re still working with XP, now may be an excellent time to upgrade; the bug reports continue to increase, and Microsoft just issued a new one that could potentially damage a business’ internal infrastructure.
As of the 27th, Microsoft has launched an official security advisory for all Windows XP users. While the instances of the vulnerability have been limited at best, there have still been a number of reports. The new bug allows a user – say, a limited-use user of a computer that has a different admin – to elevate themselves to the admin position on any machine. While in some ways this may be harmless, most anyone that is exploiting this flaw in XP would likely use it to view, change, or delete data or accounts, in addition to having the ability to run malicious code in kernel programs to collect or damage important data.
Microsoft assures its XP users that they are working on correcting this flaw as soon as possible and that an update will be available soon. The company also mentions that an intruder must have a valid login to the computer in the first place and cannot take advantage of a locked machine that’s password protected. Furthermore, no reports have been made of any sort of remote access, even if the computer is logged in and in use.
Microsoft states that once it’s done with the investigation, it believes that the easiest way to deal with the issue will be to provide a security update that’s early or, if they cannot fix it with a simple update, changing the way the obsolete login works in the next monthly update coming up in January.
XP has been around for over a decade now and is Microsoft’s oldest version of Windows that still maintains an update schedule. Support for XP will be ending early next year, so problems such as the one above will no longer be repaired officially through Windows security updates.
The official security advisory can be found here along with the suggestion actions.