Redmond warns that an attacker could run arbitrary code in kernel mode

Nov 28, 2013 06:29 GMT

Microsoft has confirmed that it’s investigating reports of a critical security flaw that would affect Windows XP users, saying that it’s aware of “limited, targeted attacks that attempt to exploit this vulnerability.”

The glitch, which was first reported by FireEye Labs, affects the Windows kernel and could allow elevation of privilege, which means that an attacker who successfully exploits it could run arbitrary code.

Newer operating systems are not affected by this flaw, the company said in a security advisory issued today.

“Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003,” Redmond explained.

“The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.”

FireEye Labs said that the same flaw also affects Adobe Reader and recommended that users update to the latest version of the application in order to stay secure.

“The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP,” the security company said in a post. “We are collaborating with the Microsoft Security team on research activities.”

Windows XP will be officially discontinued on April 8, 2014, but the operating system continues to power more than 30 percent of computers worldwide, according to third-party data provided by Net Applications.

Microsoft hopes that most users will actually dump Windows XP and move to a newer platform before support ends, in an attempt not only to keep everyone fully protected, but also to boost the market share of its modern operating systems, including Windows 8 and 8.1.