Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Microsoft may end antivirus updates on XP in April

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as resolved.
mogs Microsoft may end antivirus updates on XP in April
Expert Contributor 31st Oct, 2013 17:13
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK
Summary: If you continue to use Windows XP after it goes end-of-life next April you won't just be without security patches. You'll be without signature updates for your Microsoft Security Essentials antivirus.

Larry Seltzer
By Larry Seltzer for Zero Day | October 31, 2013 -- 12:30 GMT

Just days after sending a clear message about the trouble awaiting Windows XP users next April when Microsoft ends security updates for the operating system (and for Office 2003), the company is saying that it may also stop delivering antivirus signature updates for Microsoft Security Essentials, their free antimalware product.

A spokesperson issued the following statement:

Microsoft will not guarantee updates of our antimalware signature and engine after the XP end of support date of April 8, 2014. Running antivirus on out of support operating systems is not an adequate solution to help protect against threats. Running a well-protected solution starts with using modern software and hardware designed to help protect against today’s threat landscape. In addition, Microsoft recommends best practices to protect your PC such as: 1) running up to date antivirus, 2) regularly applying security updates for all software installed, and 3) using modern software that has advanced security technologies and is supported with regular security updates.
Microsoft's message about the advantages of consistently updated software is well-covered ground. By continuing antivirus updates, they would just be enabling behavior they have done their best to discourage. Users who insist on continuing to run Windows XP can shift to one of the other free products (such as Panda, AVG and Avira).

http://www.zdnet.com/microsoft-may-end-antivirus-u...

--

Post "RE: Microsoft may end antivirus updates on XP in April" has been selected as an answer.
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 4th Nov, 2013 15:29
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 4th, 2013, 13:03 GMT · By Bogdan PopaBLOG
Six Months Before Retirement, Windows XP SP2 Is Still More Expensive than Windows 8.1

Windows XP will be retired in less than six months, but several online retailers are still selling the operating system at fairly high prices.

Believe it or not, but the 11-year-old Windows XP remains more expensive than Windows 8.1 at some online stores, even though it’s available with a pretty big discount.

At this point, a copy of Windows XP Home Edition with Service Pack 2 is priced at $140.99 (€105) on Amazon, with a discount of 29 percent, as the original price of the package was $199.99 (€150).

While it’s hard to understand why someone would purchase Windows XP now that its demise is just around the corner, it’s a bit surprising to see that it’s still more expensive than the recently launched Windows 8.1.

The core version of 8.1 has a price tag of $119.99 (€90), while the Professional iteration has the same price as Windows XP Home Edition with SP2 – $199.99 (€150).

http://news.softpedia.com/news/Six-Months-Before-R...

--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 5th Nov, 2013 06:34
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 4th, 2013, 21:59 GMT · By Bogdan Popa
Microsoft Issues Yet Another Desperate Warning to Windows XP Users

April 8, 2014 is the date when no one is supposed to be using Windows XP anymore, as Microsoft would officially retire the operating system and push everyone to newer platforms.

The problem for Redmond is that users don’t really seem to care about all its security warnings and more than 30 percent of them are still running Windows XP right now.

Microsoft, on the other hand, goes on with its kill Windows campaign, this time using a statement supposed to bring in the spotlight the security risks of staying on XP beyond April.

Microsoft spokesperson Holly Stewart told ThreatPost that the company patched a total of 30 zero-day vulnerabilities this year, so without patches, there would have been 30 ways to exploit your operating system.

“From a security perspective, this is a really important milestone,” Stewart said. “Attackers will start to have a greater advantage over defenders. There were 30 security bulletins for XP this year, which means there would have been 30 zero-day vulnerabilities on XP [without support].”

Stewart has also explained that Windows XP is easier to hack because it’s based on older technologies, so cybercriminals already have the necessary know-how to break into machines still running this particular operating system. And without patches, everything is getting much worse.

“Older software is easier to break into and over time, cybercriminals learn how to bypass mitigations,” Stewart explained. “XP is no different. A good example is DEP (Data Execution Prevention) which was not commonly bypassed when it was released. The utility of that mitigation has degraded year over year.”

Of course, Microsoft expects all Windows XP users to move to either Windows 8 or Windows 8.1, but it turns out that the number one destination remains Windows 7. At this point, Windows 7 is powering more than 45 percent of computers worldwide, and the market share is very likely to grow bigger as we get closer to XP’s end of support date.

http://news.softpedia.com/news/Microsoft-Issues-Ye...

--
Was this reply relevant?
+0
-0
taffy078 RE: Microsoft may end antivirus updates on XP in April
Contributor 6th Nov, 2013 18:48
Score: 410
Posts: 1,280
User Since: 26th Feb 2009
System Score: 100%
Location: UK
what a farce Mogs! Has anyone told Google?

They "promised XP support for Chrome" until 2015 per http://secunia.com/community/forum/thread/show/145...

So does that mean that out there in the real world, customers will be using Chrome on their XP PC until 2015 thinking all is well - when in fact it won't be?!! Then I saw your post about XP still be sold at inflated prices!

These industry giants need their backside kicked very firmly. Was it Ralph Nader who put the fear of god in the American car industry years ago, siding with consumers and highlighting hidden automotive issues? There needs to be someone similar sorting out the computer giants.

Apologies for my rant - I've had four phone calls today: from "Worldwide web protection", "Internet Security Inc", "Microsoft Help Desk" (still trying that one!) and "WWW Safenet". The last was the best - I confused them by referring to WWE. Worldwide web were on for ten minutes (on speaker phone) thinking I was at my PC.

I'm experienced enough to ignore these idiots but how many Joe Public are still being conned while the PC giants sit on their b*ms?



--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 6th Nov, 2013 20:45
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@taffy

I think someone must be telling Google something : in the middle of all the Internet feuds, my browser is not too often unresponsive....quite unlike a palm leaf this Autumn !!
On the question of XP....a couple of Christmases, at least, must have gone by since MS's intentions first registered at home or abroad !! Even ET must have gotten the phone call ?!

At least this thread allows some room for airings in a stable forum ?!

Spare a thought for working in this environment (?!!)....as follows :-

Working for Google isn't all it's cracked up to be

Search engine employees gripe about those horrible, horrible perks
By Chris Merriman

EMPLOYEES of internet giant Google have revealed that its legendary office atmosphere is not all it's cracked up to be.
Responding to an enquiry on Q&A website Quora, Googlers have vented their top frustrations at working for the giant company, revealing why free stuff isn't really all that good, and why your job working for a pittance for the boss from hell isn't so bad, really.
Top gripes include the fact that making a difference in a company where even the janitor is overqualified is almost impossible, and as a result there's very little chance of promotion. The atmosphere is described as "sycophantic" and "arrogant", while whooping at news that you are largely ambivalent about apparently remains a must.
Other moans include the slow pace of development, a culture of "cool" over substance, and the "fun" banter between colleagues making it nearly impossible to get a straight answer to a straight question.

More to read at :-
http://www.theinquirer.net/inquirer/news/2305103/w...

--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 12th Nov, 2013 18:08
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 12th, 2013, 14:58 GMT · By Bogdan Popa
Bank, Government PCs Still Running Windows XP Six Months Before End of Support

Microsoft will retire Windows XP is about six months, but lots of businesses and users across the world are yet to start the transition to another operating system.

A study conducted by market consulting and analytics firm Ascentius Consulting revealed that no less than 52 percent of the computers owned by Indian banks are still running Windows XP, while 30 percent of the PCs used by the government are powered by the same aging OS.

What’s more, 26 percent of Indian manufacturing companies and software makers stick to Windows XP, even though end of support is quickly approaching for this particular OS.

“We see that software companies have a good plan to fully migrate by April, and even manufacturing companies have a fairly good plan to meet the deadline. But we see absolutely no plan in the BFSI sector,” Amrish Goyal, general manager Windows Business Group at Microsoft told Business Standard.

“It takes about three to six months for a full migration to take place. Indian public sector banks are not taking the issue as seriously as it is.”

While this is not at all surprising given the fact that Windows XP is still a decent OS and because moving to a newer platform is still an expensive process, it’s clearly a risk that all these banks and government offices do not need to take.

Microsoft has warned that Windows XP would no longer receive updates as of April 8, 2014, which means that every single vulnerability found in the operating system will be an open door for hackers who’ll want to get inside a computer still running this OS.

At the same time, Microsoft also plans to stop issuing updates for its Security Essentials anti-virus product beyond the XP retirement date, in an attempt to urge users to make the move to Windows 7 or Windows 8.

http://news.softpedia.com/news/Bank-Government-PCs...

--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 14th Nov, 2013 06:21
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 13th, 2013, 23:58 GMT · By Bogdan Popa
How to Fix Windows XP Update Problems Causing 100 Percent CPU Usage

Windows XP will soon go dark, but that doesn’t necessarily mean that users shouldn’t be able to update their computers until this date comes.

And still, it’s happening, not because Microsoft wants to, but due to a bug causing 100 percent CPU usage when trying to launch Windows Update on an XP machine.

Whenever you launch Internet Explorer on Windows XP and go over to the Windows Update page, the computer might simply freeze for a few minutes. If you’re the kind who wants to wait and see what’s happening, you might in the end regain control over your computer.

Once you click install on the available updates, the machine freezes one more time, again for a few minutes, before eventually starting deploying the patches.

"Soon after boot, my PC go slowly, and in task manager i see a svchost running 100% CPU. After some trials, i saw that turning off automatic updates fix the problem. In windowsupdate.log there is no error. When I try manual updates on Windows Update, the PC stays on a page searching updates," one affected user explained.

Just as Woody Leonhard of InfoWorld writes, the issue appeared earlier this year and can be fixed by simply deploying one of the patches unveiled by Microsoft on October 2013’s Patch Tuesday rollout.

While the issue seems to be affecting the Windows Update Agent, and its local process – wuauclt.exe, it turns out that the MS13-080 Internet Explorer security update can solve all your problems.

Here’s what Microsoft says in the description of the update:

“This security update resolves one publicly disclosed vulnerability and eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

“An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

Basically, users are recommended to download Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 patches to fix a flaw that would allow an attacker to gain the same rights as the logged on user.

For some reason, this patch makes it possible to deploy updates on a Windows XP SP3 machine without any computer freezes. Disabling Windows Update completely is yet another solution, but as everyone says, this isn’t quite the best thing to do if you care about your security while being connected to the Internet.

http://news.softpedia.com/news/How-to-Fix-Windows-...

--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 15th Nov, 2013 14:19
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
NOVEMBER 15, 2013
Microsoft to fix Windows XP update SVCHOST redline issue 'soon'
Microsoft has identified why using Windows Update to install patches on Windows XP may lock up users' machines for hours on end
By Woody Leonhard | InfoWorldFollow @woodyleonhard

Microsoft thought it had the Windows XP update redlining problem solved in this month's Black Tuesday crop of patches. Instead, the problem's back this month with a vengeance. The Microsoft Update team has analyzed the latest manifestation, come up with an explanation, and we're promised that a permanent solution will arrive "as soon as possible."

Windows Update team member Doug Neal has just posted a message to the Patch Management Mailing List that explains what's happening when Windows XP's Windows Update agent, wuauclt.exe (running in a SVCHOST wrapper), drives CPU utilization to 100 percent -- and can keep WinXP machines pegged at 100 percent for 15 minutes or longer.

The problem is caused by the Windows Update client evaluating an exceptionally long supersedence chain - something IE6 and IE7 have more than any other version of IE due to their time in market. Each 'link' in the chain doubles the CPU resources needed to evaluate it over the previous version. The chain is so long that the design stymies the WUA client.

In other words, when you run Windows Update, the program has to bang against Microsoft's internal database of patches and figure out which patches need to be applied and which ones have been superseded and can be ignored. Since IE6 and IE7, in particular, have been around since the dawn of time, that's an enormous pile of patches to sort through.

Reading between the lines of Neal's response, it occurs to me that 1) the method for traversing the tree of available patches is enormously inefficient ("doubles the CPU resources") and 2) there should be some way to pre-evaluate the most common chains and bypass supersedence checking entirely in many cases -- or at least minimize it.

Be that as it may, Microsoft's solution is to go in and crop the tree: remove dead branches that don't need to be pursued. As Neal explains it:

We thought this problem was one of extremely long supersedence chains in IE6/IE7 which we fixed with Tuesday's release. We're hearing from you and others that this didn't fix the problem... We're working to expire these exceptionally old, dated, unnecessary updates in the chain. The expirations for these didn't happen as planned.

Those of you who have written to me and expressed a Dexter-like rage at the people inside Microsoft who caused their machines to keep churning for hours on end might take note that Microsoft really did think it had the problem licked with this month's Black Tuesday patches.

Neal concludes by saying:

While I can't provide a date for when this will be done, we know it's an issue affecting customer PCs and we're working to get it out as soon as possible to halt the impact.

So if it's any consolation, you can put away the butcher knife, roll up the plastic, and trust that a fix is coming before too long. But don't throw away the carving tools just yet, OK? We may need them.
http://www.infoworld.com/t/microsoft-windows/micro...

--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 21st Nov, 2013 08:52
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 21st, 2013, 07:14 GMT · By Bogdan Popa
Microsoft, Intel Hold Event to Show Why You Need to Dump Windows XP

Windows XP’s end of support deadline is quickly approaching, so Microsoft continues its efforts to show everyone that they need to dump the 12-year-old operating system and move to a newer platform.

Erwin Visser, Microsoft's senior director for Windows Commercial, revealed in a blog post that he’ll take part to Dell’s Windows 7/8.1 Virtual Event Day to discuss why consumers really need to abandon Windows XP and deploy either Windows 7 or 8.1.

“This all-day Virtual Event is designed for business decision makers and CIOs and will focus on discussing how to speed up the migration process, drive down costs and ease the deployment of a modern operating system,” Visser explained.

Of course, the event will also showcase some Dell technologies supposed to help users migrate from XP to newer software, as some of the businesses still running the aging platform are experiencing problems in their attempt to deploy a newer Windows version.

“In addition to the keynote, there will also be experts from Dell and Microsoft hosting live chats and webcasts throughout the day and an opportunity to hear from Dell about the migration and management tools that Dell Software has developed to help you migrate,” Visser confirmed.

And of course, Redmond will use the occasion to discuss the improvements it made to Windows 8.1, explaining that it has the necessary features to address the needs of both consumer and businesses.

“My colleagues Chris Hallum and Sarah Haggard will be walking through the latest features and benefits of the Windows 8.1 Enterprise operating system including business tablets experience, enterprise-grade security, BYOD and mobility,” he added.

Windows XP is currently installed on more than 30 percent of the computers worldwide, even though Microsoft plans to completely retire it on April 8, 2014. No patches and security updates will be delivered beyond this date, with Microsoft even planning to shut down Security Essential updates for Windows XP once end of support comes.

http://news.softpedia.com/news/Microsoft-Intel-Hol...

--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 22nd Nov, 2013 13:35
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 22nd, 2013, 10:50 GMT · By Bogdan Popa
Windows XP Anti-Virus Software Put to the Test, All but Two Pass with Flying Colors

Windows XP will be soon discontinued, with Microsoft planning to stop releasing patches and security updates as of April 8, 2014.

With Windows XP computers clearly becoming vulnerable to attacks after end of support comes, anti-virus products are becoming essentials for users still running the 12-year-old platform.

AV-TEST has conducted a new series of tests to determine the best Windows XP anti-virus right now, revealing that out of 25 products, only two failed to get their certification.

While Microsoft’s very own Security Essentials 4.3 is still considered the baseline, AV-TEST says that Kaspersky Internet Security 2014 provides the best protection to Windows XP computers, followed by F-Secure Internet Security, Bitdefender Internet Security 2014, and Trend Micro Titanium Maximum Security 2014.

As far as performance goes, Kaspersky Internet Security 2014 is again leading the charts, followed by Avira Internet Security 2013, AVG Anti-virus Free Edition 2014, and AVG Internet Security 2014.

KIS 2014 is also holding the leading spot in usability rankings, while Avira Internet Security 2013 is the runner-up. Surprisingly, Check Point ZoneAlarm Free Antivirus + Firewall 11.0 is third with a maximum score.

The only security products that didn’t receive AV-TEST’s certification are AhnLab V3 Internet Security 8.0 and K7 Computing Total Security 13.1.

So does this mean that you’re fully protected beyond retirement date even though Microsoft won’t be releasing any other XP patches? Not at all.

Microsoft won’t be rolling out security updates and fixes to address vulnerabilities found in the operating system, and even though anti-virus products could somewhat protect your computer, it’s still exposed to attacks specifically supposed to take advantage of these security flaws.

Windows XP is currently installed on nearly 30 percent of computers worldwide, which is not at all surprising given the fact that it was such a fast and reliable operating system. Still, Microsoft wants everyone to move to a newer platform, so you should really have a look at either Windows 7 or 8.1.

http://news.softpedia.com/news/Windows-XP-Anti-Vir...

--
Was this reply relevant?
+0
-0
taffy078 RE: Microsoft may end antivirus updates on XP in April
Contributor 24th Nov, 2013 10:16
Score: 410
Posts: 1,280
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Don't throw away your old XP PCs!

Fact 1: There are lots of individuals and small charities that have no intention of going on-line.

Fact 2 (I think!!): Most of the computers with XP are probably too old to / incapable of coping with modern software.

So, could someone start a world-wide drive to get the computer community to donate their XP
machines to such individuals / charities to use as word processors?

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 26th Nov, 2013 11:56
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 26th, 2013, 09:03 GMT · By Bogdan Popa
Windows XP Losing More Users on a Daily Basis

Windows XP remains an incredibly popular operating system less than six months before its retirement date and despite all warnings issued by the Redmond-based tech giant Microsoft.

And still, some recent statistics provided by market researcher StatCounter for the first 25 days of November 2013 indicate that Windows XP users are finally jumping ship and embracing another platform.

At this point, Windows XP is installed on 19.31 percent of computers worldwide, according to StatCounter data, down from 19.44 percent last week. While the drop isn’t anything major, it’s still a sign that Windows XP users have started the transition to another operating system.

The question is what’s their next destination? Windows 8 has also lost users in the last 7 days (down from 7.54 percent to 7.51 percent), while Windows 7 maintained its market share to 51.8 percent.

The first thing that comes in mind is that some Windows XP users are switching to some non-Windows platforms, such as Mac OS X or Linux. And truth is, lots of our readers have confirmed that they won’t stay on Windows after XP reached end-of-support, so such a scenario is very likely.

What does Microsoft have to say about it? Not much, but Redmond has already explained that it’s essential for XP users to switch to a newer OS version, mostly because it could provide better security.

Of course, the company hopes that most users would pick Windows 8.1, but until now, the majority of those who actually decided to migrate have picked Windows 7 thanks to its familiar design.

At the same time, switching to Windows 8.1 also requires hardware upgrades, which for some companies could prove to be a rather expensive process that wouldn’t make much sense for a reduced workforce with less than 50 employees.

http://news.softpedia.com/news/Windows-XP-Losing-M...

--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 27th Nov, 2013 20:25
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 27th, 2013, 14:11 GMT · By Bogdan Popa
Japan Govt to Keep Windows XP on 266,000 Computers Beyond End-of-Support

Windows XP will be discontinued on April 8, 2014, and even though lots of users, businesses, and authorities are struggling to move to a newer platform as soon as possible, some will fail to do this before retirement date.

The Japanese government, for example, will keep Windows XP running on 266,231 personal computers at local and prefectural governments, according to a report by The Japan Times and citing the internal affairs ministry.

It turns out that the authorities do not have enough time to complete the transition, so as a result, these computers will continue to be powered by Windows XP next year.

A temporary solution has already been found, according to the same source, as the Internal Affairs and Communications Ministry has asked those still running Windows XP on government computers to avoid using the PCs until a newer platform is deployed.

http://news.softpedia.com/news/Japan-Govt-to-Keep-...


--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 28th Nov, 2013 11:14
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 28th Nov, 2013 11:22
November 28th, 2013, 06:29 GMT · By Bogdan Popa

Microsoft Investigating Critical Windows XP Security Flaw

Microsoft has confirmed that it’s investigating reports of a critical security flaw that would affect Windows XP users, saying that it’s aware of “limited, targeted attacks that attempt to exploit this vulnerability.”

The glitch, which was first reported by FireEye Labs, affects the Windows kernel and could allow elevation of privilege, which means that an attacker who successfully exploits it could run arbitrary code.

Newer operating systems are not affected by this flaw, the company said in a security advisory issued today.

“Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003,” Redmond explained.

“The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.”

FireEye Labs said that the same flaw also affects Adobe Reader and recommended users to update to the latest version of the application in order to stay secure.

“The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP,” the security company said in a post. “We are collaborating with the Microsoft Security team on research activities.”

Windows XP will be officially discontinued on April 8, 2014, but the operating system continues to power more than 30 percent of computers worldwide, according to third-party data provided by Net Applications.

Microsoft hopes that most users will actually dump Windows XP and move to a newer platform before end of support comes, in an attempt not only to keep everyone fully protected, but also to boost the market share of its modern operating systems, including Windows 8 and 8.1.
http://news.softpedia.com/news/Microsoft-Investiga...


Microsoft investigating MS Windows local privilege escalation zero-day

Summary: Microsoft issued a security alert and is investigating a report issued by FireEye Labs warning of an MS Windows/Adobe Reader local privilege escalation zero-day in the wild.

In a new security alert Microsoft announced it is investigating a report issued earlier today by FireEye Labs warning of an MS Windows local privilege escalation zero-day in the wild.

The Windows local privilege escalation vulnerability FireEye Labs says it has identified, "cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP."

If you're running the latest versions of Adobe Reader, FireEye says that you shouldn't be affected by the exploit.

More to read at :-
http://www.zdnet.com/microsoft-investigating-ms-wi...



--
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft may end antivirus updates on XP in April
Handling Contributor 28th Nov, 2013 12:45
Score: 11312
Posts: 8,726
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Secunia details are here:

http://secunia.com/advisories/55809/

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 28th Nov, 2013 13:28
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firms urged to ditch Windows XP after zero-day attack discovered in the wild

by Alastair Stevenson
28 Nov 2013

A zero-day vulnerability in Microsoft's Windows XP and Server 2003 has been discovered and is being actively targeted by hackers, leading to fresh calls for businesses to move to newer Windows versions sooner rather than later.

FireEye researchers Xiaobo Chen and Dan Caselden reported uncovering the vulnerability in a blog post, confirming that it only affects Windows XP systems.

"FireEye Labs has identified a new Windows local privilege escalation vulnerability in the wild. The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP," read the post.

The researchers confirmed evidence that the vulnerability is being actively targeted by hackers. "This local privilege escalation vulnerability is used in the wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability," read the post.

"The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit. Post exploitation, the shellcode decodes a PE payload from the PDF, drops it in the temporary directory, and executes it."

More to read and workarounds here :=
http://www.v3.co.uk/v3-uk/news/2309770/firms-urged...

--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 28th Nov, 2013 22:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 28th, 2013, 21:23 GMT · By Bogdan Popa
Windows XP’s Retirement Will Start the WinMageddon, Security Experts Say

Windows XP is now affected by a new vulnerability, but while this is indeed serious business and users need to deal with it as soon as possible, it’s also another sign that those sticking to this old platform will soon face major security risks.

Microsoft is now investigating reports, after receiving information regarding a number of attacks attempting to exploit this flaw, but a fully working patch won’t arrive for the time being. At least, not until December 2013 Patch Tuesday when Microsoft is scheduled to release fixes for many other glitches.

The security experts at the SANS Internet Storm Center (ISC) have issued a statement warning that today’s vulnerability is not all about flaws that need to be urgently addressed by the Redmond-based tech giant.

“The real story here isn't the zero day or the workaround fix, or even that Adobe is involved. The real story is that this zero day is just the tip of the iceberg,” the advisory reads.

“Malware authors today are sitting on their XP zero day vulnerabilities and attacks, because they know that after the last set of hotfixes for XP is released in April 2014 (which we're now officially calling ‘WinMageddon’), that their exploits will work forever against hundreds of thousands (millions?) of XP workstations.”

And this pretty much makes sense. At this point, Windows XP is installed on more than 30 percent of computers worldwide, but Microsoft hopes that only 13 percent of the users would actually stick to this particular OS version.

Many users, on the other hand, are fairly disappointed with Windows XP’s end of support and even though no patches and security fixes get released beyond April 2014, they still want to stay on this operating system. Of course, Microsoft issues security warnings with every single occasion, reminding that hackers will clearly try to make the most of vulnerable XP machines by exploiting every newly found flaw.

http://news.softpedia.com/news/Windows-XP-s-Retire...


--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 29th Nov, 2013 14:02
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
DEATH-PROOF your old XP netbook: 5 OSes to bring it back to life

Or: How to talk your child out of using an iPad..


By Simon Sharwood, 28th November 2013

Four customers who never have to replace their PCs again

My son's school has decreed that next year he'll need a computer of some sort.

Mr 12 wants an iPad. I want him to use the 2009-vintage Lenovo S10e Netbook gathering dust in the study, because it's already been paid for. The netbook is also fit for purpose: it was the very model handed out in Australian schools circa 2009.

It's also alive and kicking. That Redmond will turn it into a curiosity next April rankles, so I want to find something useful for it to do.

Mr 12 scoffs at such sensible arguments and cares little for the family budget. All he knows is that the single core 1.6Ghz ATOM N270-powered machine with its 2GB of RAM, 150GB hard disk and oddly proportioned 1024 x 576-pixel 10.1-inch screen runs like treacle.

After some back and forth, a compromise has been reached: if I can show him an operating system that makes the netbook faster and look cool, he'll give it a go.


Lots 'n lots more to read here :-
http://www.theregister.co.uk/2013/11/28/five_oses_...


--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 30th Nov, 2013 12:24
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
November 30th, 2013, 09:48 GMT · By Bogdan Popa
Symantec Details Windows XP Zero-Day Vulnerability

Microsoft is still investigating a recently found zero-day flaw in Windows XP, but security company Symantec already has more information on the vulnerability.

Symantec revealed in a blog post that a successful exploitation of the flaw would allow an attacker to execute arbitrary code with kernel-level privileges and could “result in the complete compromise of affected computers.”



At the same time, the security vendor has also warned that cybercriminals are trying to exploit the flaw with malicious PDF documents delivered via emails and attempting to take advantage of a security hole in older versions of Adobe Reader.

“The attack arrives as a malicious PDF file with file names such as syria15.10.pdf or Note_№107-41D.pdf, likely by an email attachment, although there is a possibility that targeted users are being enticed to download the malicious file from a website prepared by the attacker,” Symantec reported.

At the same time, it turns out that attacks attempting to exploit this vulnerability were launched in November, so the flaw has been around for a while, but nobody knew about it.

Symantec says that security products that have been updated after the zero-day flaw has been revealed can block malicious PDF documents delivered via emails, but users are anyway recommended to follow Microsoft’s guidance on blocking the vulnerability.

“Upon successful exploitation of the vulnerability, another malicious file, observed since mid-October, is dropped onto the compromised computer which Symantec detects as Trojan.Wipbot. This Trojan collects system information and connects to a command-and-control (C&C) server,” Symantec explained.

Until now, the security vendor has detected emails comprising malicious PDF documents sent in countries such as India, Australia, the United States, Chile, Hungary, Germany, Norway, and Saudi Arabia.

Microsoft is still investigating the reports and given the fact that the December 2013 Patch Tuesday rollout is approaching, expect a patch to be released early next month.

http://news.softpedia.com/news/Symantec-Details-Wi...


--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 2nd Dec, 2013 19:57
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
December 02, 2013

Windows XP zero day gives attackers a way around Adobe sandbox

Microsoft may provide an out-of-cycle security update to protect users


By John E Dunn | Techworld

A new zero day flaw in Windows XP and Windows Server 2003 is being exploited in the wild to bypass the sandbox on unpatched versions of Adobe Reader, security firm FireEye has reported.

According to the firm's analysis, the vulnerability allows for a standard user running XP SP3 to elevate privileges to admin level, allowing a targeted attack on users running Reader versions 9.5.4, 10.1.6, 11.0.02 and before using a malicious PDF.

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights," said Microsoft in a separate advisory (2914486).

In other words, attackers hitting this flaw can beat Adobe's sandbox by routing their sneakiness via a lower-level call through the OS itself.

The issue has been designated CVE-2013-5065 and an out-of-band patch looks like a distinct possibility given its seriousness.

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs," said Microsoft's advisory, dropping a heavy hint that early action was likely.

In order to fix the problem, users are advised to update Adobe Reader to a later version or simply abandon Windows XP for Windows 7 or 8.

News of the issue will be taken as further confirmation that users need to get off XP although privilege elevation flaws can in principle affect any OS from time to time. They have become rarer in recent years, hence their importance when they surface.

A month ago Microsoft's Q3 Security Intelligence Report (SIR) found that XP was not only more likely to encounter malware but significantly more likely to fall prey to it all things being equal. Later versions of Windows -- especially Windows 8 -- are architected with a greater level of low-level security designed to beat off some attacks.

Windows XP might be a dying operating system but it can still throw up some nasty surprises. This won't be the last one.

http://www.infoworld.com/d/security/windows-xp-zer...



--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 4th Dec, 2013 22:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

VMWare patches vulnerability with Windows XP, 2003 guests

Summary: When running under VMWare Workstation, Fusion, ESX or ESXi hypervisors, old versions of Windows are vulnerable to privilege escalation.

By Larry Seltzer for Zero Day | December 4, 2013 -- 20:44 GMT

VMWare has issued an update for several of their hypervisor products to address a privilege escalation vulnerability when running Windows XP, Windows Server 2003 and older versions of Windows as a guest operating system.

The products are VMware Workstation, VMWare Fusion and VMware ESXi and ESX. The vector for the attack is a VMWare device driver LGTOSYNC.SYS. The file properties for this driver describe it as "VMware/Legato Sync Driver."

The hypervisor itself is not exploitable through this vulnerability, but an unprivileged Windows process could elevate privilege under Windows. Presumably it could attain the privileges under which LGTOSYNC.SYS runs, but the advisory does not specify what level this is.

Updated versions may be downloaded at these pages:
•VMware Workstation
•VMware Player
•VMware Fusion
•ESXi and ESX

http://www.zdnet.com/vmware-patches-vulnerability-...


--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 4th Dec, 2013 22:49
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 5th Dec, 2013 16:37
December 4th, 2013, 15:31 GMT · By Bogdan Popa

More than Half of Chinese Users Are Still Running Windows XP

China is one of the countries that are asking Microsoft to extend support for Windows XP, as the local authorities are still running the aging operating system and do not have enough time to complete the transition to another operating system.

While Microsoft hasn’t yet issued a response, and is highly unlikely to do it anytime soon, statistics shows that nearly 50 percent of the Chinese users are still on Windows XP right now.

StatCounter data for the month of November 2013 shows that Windows XP has a market share of 50.82 percent in China, followed by Windows 7 with 40.24 percent. Windows 8 is far behind with only 2.87 percent.

And still, deputy director of China's National Copyright Administration Yan Xiahong has already met with Microsoft officials to discuss the possibility to keep Windows XP alive, especially because local authorities have paid for licenses and thus contributed to a significant piracy rate drop.

http://news.softpedia.com/news/More-than-Half-of-C...

Also read :-
Beijing leans on Microsoft to maintain Windows XP support

Come on, we've only just ditched our pirated copies...

By Phil Muncaster, 4th December 2013
http://www.theregister.co.uk/2013/12/04/windows_xp...


December 5th, 2013, 04:15 GMT · By Bogdan Popa

North Koreans Still Addicted to Windows XP, Do Not Care About Windows 8

We all know that Microsoft will officially retire Windows XP in approximately five months, but it’s still surprising to see that despite Redmond’s efforts, lots of users are still running the aging OS.

Figures provided by StatCounter reveal that North Korea is one of the countries still addicted to Windows XP, with Microsoft’s modern operating system still having a rather small market share.

At this point, Windows XP is running on 60.44 percent of computers in the country, while Windows 7 is next with 30.36 percent. Surprisingly, Mac OS X is third with 2.68 percent, while Windows 8 is fourth with only 2.37 percent.

Of course, Microsoft can’t really be pleased with such news, especially because it tries to move Windows XP users to newer platforms, not only due to the security risks, but also because it hopes to bring more adopters for its modern operating systems such as Windows 8 and 8.1
http://news.softpedia.com/news/North-Koreans-Still...



--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 6th Dec, 2013 10:44
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
December 6th, 2013, 06:17 GMT · By Bogdan Popa
Microsoft Still Not Ready to Patch Zero-Day TIFF Windows Flaw

Microsoft has just announced that it will release a total 11 security bulletins on Patch Tuesday, five critical and six important, but surprisingly, the rollout won’t include a fix for the recently-found zero-day TIFF flaw in Windows.

Although it was initially expected to see a fully-working patch going live on Patch Tuesday, it turns out that Microsoft needs more time to develop it, with a company official recommending users to urgently update their Adobe Reader installations.

“This release won’t include an update for the issue described in Security Advisory 2914486. We’re still working to develop a security update and we’ll release it when ready,” Dustin Childs, group manager, Response Communications, Microsoft Trustworthy Computing, said in a statement released this morning.

“Until then, we recommend folks review the advisory and apply the suggested workaround on their Windows XP and Windows Server 2003 systems. Customers with more recent versions of Windows are not affected by this issue.”

Wolfgang Kandek, CTO, Qualys, also said that users who are running the latest version of Adobe Reader or a newer edition of Windows, including 7, 8, or 8.1, are not affected by the flaw.

“Microsoft has consistently pointed out that the additional security toolkit EMET (Enhanced Mitigation Experience Toolkit) has been effective against all of the 0-day problems this year,” he said.

“We believe it is a proactive security measure that organizations should evaluate and consider as an additional layer in their defensive measures. EMET is a free tool by Microsoft and in the last year has significantly matured in terms of manageability and deployability.”

All Patch Tuesday fixes will be delivered via Windows Update on Tuesday, so keep your computer connected to the Internet to make sure that you download and install them as soon as possible. Some of the updates will require a computer reboot, so make sure you save your work before anything else.

http://news.softpedia.com/news/Microsoft-Still-Not...

--
Was this reply relevant?
+0
-0
mogs RE: Microsoft may end antivirus updates on XP in April
Expert Contributor 10th Dec, 2013 21:35
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft issues 11 security bulletins for the last Patch Tuesday of 2013
Addresses a zero-day vulnerability for bad TIFF images on Windows XP systems


By Lee Bell
Tue Dec 10 2013, 10:44

SOFTWARE PATCH FACTORY Microsoft has released its last Patch Tuesday list for 2013, issuing 11 bulletins, five of which are rated critical.

These last 11 bulletins cover Internet Explorer, Windows operating systems and Microsoft Office software, bringing the total number of patches released by the Redmond firm in 2013 to 106, up from last year's total of 83.

The most critical security bulletin addresses a zero-day vulnerability documented by the November Microsoft Graphics Components advisory 2896666, affecting Windows, Office and Lync through Microsoft Office 2007 installed on Windows XP.

"In this vulnerability, an attacker needs to convince a user to preview or open a bad TIFF image for exploitation. Because we know persuading users to click isn't always that hard to do, a patch for this one is definitely welcome," said Lumension forensics and security analyst Paul Henry.

More to read at :-
http://www.theinquirer.net/inquirer/news/2318054/m...

--
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability