Think unpatched Win XP hole's not a big deal? Hope you trust your local users

An unpatched vulnerability in Windows XP and Windows Server 2003 creates a means for hackers to gain admin rights on vulnerable Windows XP machines, Microsoft warned on Wednesday. The zero-day local privilege escalation vulnerability is not suitable for remote code execution but might allow a standard user account to execute …

COMMENTS

This topic is closed for new posts.
  1. Wibble
    Windows

    Tin-foil hat time...

    Anyone would think that Microsoft are sharing XP FUD as a strategy of driving more revenue from sales of later (broken in other ways?) operating systems...

    1. Fred Flintstone Gold badge

      Re: Tin-foil hat time...

      I'm sure you're right, but what I really read in that message is "don't use the Adobe Reader". :)

      1. BongoJoe

        Re: Tin-foil hat time...

        I don't use Adobe Reader. I use PDF X-Change to read and I have bought bio PDF writer to write.

        If only sites would not insist on Flash then I can get rid of that monstrosity as well.

  2. Anonymous Coward

    "while admitting it has been abused in "limited, targeted attacks"."

    So the NSA have weaponised it already then!

    I got rid of all Adobe products (and Java) from my PC months ago.

    "XP FUD as a strategy of driving more revenue from sales of later (broken in other ways?) operating systems..."

    XP is like 13 years old. Get with the 21st Century.

    1. MJI Silver badge

      Quote "XP is like 13 years old. Get with the 21st Century."

      So what my car is nearly that old and it still works, why should I replace that?

      1. Anonymous Coward

        Re: Quote "XP is like 13 years old. Get with the 21st Century."

        Because a modern car will have a manufacturer's warranty as well as better locks, immobiliser and alarm, possibly even GPS tracking too. If you're comfortable running an easier to break into car, that the manufacturer won't fix (patch) by all means carry on running Windows XP.

        Just don't expect MS to patch XP for the rest of eternity, your car manufacturer gave up 3 years after you purchased it.

        Bit of a silly analogy really, computing technology advances much much faster than automotive technology.

        1. Anonymous Coward

          Re: Quote "XP is like 13 years old. Get with the 21st Century."

          Quote

          even GPS tracking too

          That is enough of a reason for me NOT to buy a newer car. My current one is 2004 vintage with 150k miles on the clock. The Engine should be good for another 150k.

          Why on earth would I actually want 'the man' to track my every move? No siree, I don't want this.

          1. Anonymous Coward

            Re: Quote "XP is like 13 years old. Get with the 21st Century."

            "Why on earth would I actually want 'the man' to track my every move? No siree, I don't want this."

            Clearly you're lacking some knowledge on how these trackers work, they do not report your every move, you report the vehicle stolen, the company that provided the tracker contact the car and retrieve its location.

            Why would you want this? To lower your insurance premium and locate your vehicle if it's stolen.

            Still the attack on GPS tracking seems to be an attempt to distract from the point that a 13 year old OS is out of date, no longer supported and much more of a risk to use.

            1. Nigel 11

              Re: Quote "XP is like 13 years old. Get with the 21st Century."

              Clearly you're lacking some knowledge on how these trackers work, they do not report your every move, you report the vehicle stolen, the company that provided the tracker contact the car and retrieve its location.

              At the risk of posting something that really belongs on the Snowden thread, why on earth do you trust that the tracker company is the only organisation that can do this, and that it would never do so on anyone's behalf except your own?

              All I can say is I hope you never have to live in fear of a jealous wife, a new partner's wealthy psycho-stalker, a criminal organisation that wants to erase an inconvenient witness before he can talk, or a government run by a mega-humanitarian like Joseph Stalin. (Mega-humanitarian: eats people by the million).

              1. Anonymous Coward

                Re: Quote "XP is like 13 years old. Get with the 21st Century."

                "At the risk of posting something that really belongs on the Snowden thread, why on earth do you trust that the tracker company is the only organisation that can do this, and that it would never do so on anyone's behalf except your own?"

                I personally don't use any of this anyway, my car isn't worth it. But since you're insistent on distracting from the issue of whether XP is as secure to use as a modern OS, I would have no problem with this though, because:

                - The NSA already know where I am from cellular networks

                - They probably would release my location at the government's request, same as the bank would release what cash machines I use, shops I shop at if they asked, but the government have no interest in me as I'm not breaking the law so this is a non-issue and true of any technology that keeps records on you

                - My wife has no reason to be jealous

                - If a stalker knows enough about me to impersonate me to obtain my vehicle's location, they likely know where I live already as it'd be one of the security questions so why would they go through the hassle and risk of exposing themselves further?

                1. Nigel 11

                  Re: Quote "XP is like 13 years old. Get with the 21st Century."

                  If a stalker knows enough about me to impersonate me to obtain my vehicle's location, they likely know where I live already as it'd be one of the security questions so why would they go through the hassle and risk of exposing themselves further?

                  That might be the point. Someone you want to avoid, doesn't know your location but has access (legally or otherwise) to various large collections of data.

                  The other reason is that an automobile "accident" is much easier to arrange and much less likely to lead to a full murder enquiry, than any other sort of "accident". And the more they knew about your habitual routes, the easier it would be.

                  All hypothetical. Some people care about their privacy more than others.

            2. Anonymous Coward

              Re: "a 13 year old Microsoft OS"

              "a 13 year old Microsoft OS is out of date, no longer supported and much more of a risk to use."

              On the other hand, IBM and DEC (and other even lesser known) OSes from 13 or more years ago can easily just keep on running. It was, and is, called "investment protection", though it's no longer fashionable in most IT departments, who would naturally prefer the additional status conferred by bigger budgets every year. The "investment protection" also means these folk don't have a massive annual budget and a massive ecosystem of Certified Microsoft Dependent business partners hovering round all the time trying to sell the latest shiny upgrades of hardware and software.

              One size does not fit all.

        2. James Pickett

          Re: Quote "XP is like 13 years old. Get with the 21st Century."

          " better locks, immobiliser and alarm"

          Which it only needs because it is new! My 16-year old vehicle has a built-in anti-theft feature - it's not worth stealing. It also gets me about at minimal cost and when it becomes uneconomic to fix, I shall lavish another £500 on a replacement. In the meantime, I can enjoy a better class of refreshment when I'm not driving...

        3. Inventor of the Marmite Laser Silver badge

          Re: Quote "XP is like 13 years old. Get with the 21st Century."

          However, unlike Wrongdows 8.x, a modern car isn't sold with the steering wheel on the roof or the gearshift in the trunk, requiring a trip to the custom workshop to get it sorted.

        4. Roland6 Silver badge

          Re: Quote "XP is like 13 years old. Get with the 21st Century." @AC 28nov12 14:47

          "Because a modern car will have a manufacturer's warranty as well as better locks"

          Sorry to inform you, but if you purchased Windows 8 when it was first released back in August 2012, it is now out of warranty - so if using products that are still in warranty is important to you then I suggest you rush out and buy yourself a copy of Windows 8.1, but then the warranty on your PC has probably also expired!

          As for the "better locks" agree the new locking systems are much better; for thieves.

          1. Anonymous Coward

            Re: Windows 8 warranty

            "if you purchased Windows 8 when it was first released back in August 2012, it is now out of warranty"

            If it's like pretty much every other piece of software I've ever seen, its supplier does its very best to deny any warranty responsibilities anyway.

        5. JC 2

          Re: Quote "XP is like 13 years old. Get with the 21st Century."

          So essentially what you are saying is you can't make sound decisions or practice safe computing, or even hold onto your own possessions so you will just leave that burden on someone else then blame them.

          Nice try and fail. Manufacturer's warranty on vehicles runs out on most items after 3 years and that's the period where the most early failures occur so even if it is under warranty you still have to suffer through the downtime, and must be incapable of using a basic set of tools if you can't even fix the majority of vehicle problems in less time than it would take to get the vehicle to a dealership, go back home or wait, then go pick it up when finished.

          Yes I am comfortable with an easier to break into car because I'm not a fool that leaves valuables out where they are an enticement, nor do I make bad life choices that leave me in areas of particular vulnerability. I've NEVER had my car broken into and in fact seldom lock it except at shopping centers.

          I don't care at all if MS patches XP, I learned to use it, apparently more securely than you can use whatever you're running, over a decade ago.

          However, in fact no, computer tech on the OS front is not advancing faster than automotive tech. What great new thing did we get from modern OS? A bit higher memory capacity? Touch-screen interface that nobody wants? More color gradients? LOL, you don't even realize how much of the underlying code in Win8 is taken from Win 2000, reused over and over.

          In automotive tech there have been substantial advances in recent years to vehicles the average person can afford rather than luxury vehicles, far far more substantial than the upgrades Win8 has over WinXP.

          1) Movement to more aluminum for weight savings.

          2) Traction control

          3) Tire pressure sensors

          4) All around airbags

          5) Realtime fuel consumption

          6) Integrated touchscreen and voice controlled dash computers with cell, GPS, etc links

          7) Rear view cams, alarms

          8) Frontal crash avoidance systems

          9) Skid avoidance systems

          10) Automatic multi-zone temperature control

          11) Advanced fuel injection redesign

          12) Driver doze-off/sleep alarm

          I'm getting tired of typing, do your own work to become educated about topics you want to discuss.

          PS If I want to steal a new car I'll just bring around a flatbed, winch it up, and run a sat/cell scrambler till it found its way into a metal warehouse for dismemberment. That false sense of security you have with a new vehicle is really just a more valuable theft in this day and age.... because I know security and you don't.

          1. Anonymous Coward

            Re: Quote "XP is like 13 years old. Get with the 21st Century."

            "In automotive tech there have been substantial advances in recent years to vehicles the average person can afford"

            With you mostly, but your list omits:

            13) Safety critical systems (including software) specified, designed, coded, allegedly tested, and supported by companies who either don't understand or don't care about the safety implications of what they're doing.

            See e.g. Toyota replacing floor mats to fix "uncommanded acceleration" when the real cause (at least in part) is defective by design control systems, as evidenced by the first Toyota vs (whoever) court case to actually get as far as trial, the others prior to Toyota vs Bookout all having been settled before reaching trial. Recently reported (and commented on) in EE Times. [1]

            It'd be nice to see some coverage round here too.

            Locally, in the last 15 months I've replaced my largely-computerless 10 year old 150K mile diesel with a "modern" vehicle with the following notes:

            1) Jumpleads no longer possible due to battery terminal design improvements

            2) Spurious glowplug warnings due to software fault

            3) Spurious diesel particulate filter warnings due to software fault

            4) Electric window inoperable due to software fault

            and best of the lot:

            5) Automatic transmission repeatedly going to neutral spuriously while driving, due to engine/gearbox CU fault.

            Personally I'd rather have kept the old one, but the (non-computerised) suspension fault was going to be rather expensive to fix

            [1] http://www.eetimes.com/document.asp?doc_id=1319903

            http://www.eetimes.com/document.asp?doc_id=1319966

            or just search for toyota vs bookout, and add "barr" as well to get stuff specifically involving expert witness testimony wrt the software

            Or (from the law firm involved, so treat with due respect):

            http://www.beasleyallen.com/news/toyota-sudden-unintended-acceleration-lawsuit-ends-in-landmark-verdict-2/

    2. MyHandle123

      Quote: XP is like 13 years old. Get with the 21st Century.

      Sure, if you're still running XP in your basement apartment, then you're obviously a luser and will have lots of fun fixing your fabulous rig if you get hit. And if you're working in a shop that's still full of XP 'workstations' then perhaps you'd be wise to consider another line of work.

  3. Anonymous Coward
    FAIL

    Well, Well, Well

    What a surprise, yet another Adobe PDF reader vulnerability. Get the superb lightweight Sumatra instead.

    1. Wibble

      Re: Well, Well, Well

      Don't you mean that it's another PDF reader vulnerability that's made worse by another Windows vulnerability?

      A black cap for the pair of them.

    2. This post has been deleted by its author

    3. Splodger

      Re: Well, Well, Well

      Hey, I've looked again at Sumatra, and you can now change the vile lurid yellow background colour to whatever you want.

      New PDF reader installed.

    4. skeptical i
      Pint

      M'kew! [Re: Well, Well, Well]

      Thank you MOST kindly for the suggestion, I now have a snappier reader installed that allows much more customization. :D

  4. Fuzz

    server 2003

    There is a risk of attack for people using server 2003 terminal services or XenApp on server 2003.

  5. Bladeforce

    FUD, FUD, FUD, FUD...

    I am down to FUD meaning "Fear, Uncertainty and Doubt" or "Fooked, Unwise, Delinquents" which ironically sums up the average Windows user when they both switch their systems on and then continue to talk.

  6. Anonymous Coward
    Mushroom

    Re: "unless a BOFH opens an email containing rigged PDFs from a vulnerable server"

    You'd be surprised.

    Some months ago a friend of mine had made an urgent request for me to pop by her office to take a look at their failing Microsoft Exchange 6.5 on Server 2003. Apparently their outsourced IT "support" (and I use the word "support" rather loosely here) were too incompetent to solve the problem.

    Anyhow. Dropped by her office. Asked for her to log into the server. My jaw hit the ground when I saw the desktop and then hit the core of the earth when I navigated "All Programs".

    Chrome? Check. Firefox? Check. Thunderbird? Check. Adobe Flash? Check. Adobe Reader? Check. Silverlight? Check. Nero? Check. Antivirus definitions dated 2009? Check. Firewalls disabled? Check. And I could go on forever, frankly.

    And this was on their corporate Exchange server.

    1. Tom 13

      Re: And I could go on forever, frankly.

      Look on the bright side: even though the av definitions were outdated, at least they hadn't turned OFF the av software and released all the malware that had been stored in quarantine.

      Yes, this actually happened at a client site circa the release of the "I Love You" virus. Yes, it was also on their Exchange server.

  7. Tree
    FAIL

    Why use Windows HATE, formerly known as Windows 8?

    My fingers are too FAT to use a touchy screen. Must use an older version of Windows for it to be usable. There are ways of keeping an old OS running well, not the least of which is to keep Adobe and Oracle programs off of the box. Good thing that Adobe did not get a contract to run a state health insurance exchange. Oracle is the contractor for the state of Oregon and they have not signed up a single person yet for insurance. Is that an "O" or a zero in 0racle? The biggest fail. Do not know if it is Java based.

    If an insurance application website was based on Adobe Acrobat, you would need to update your policy every 2 months. Flash would require constant updates to your policy, with different versions for male and female.
