Microsoft Announces New Zero-Day Flaw Targeting Windows XP and Windows Server 2003

Windows XP has taken a hammering, lately. The OS expires on April 8, 2014 and many (even Microsoft) have suggested that a stack of security attacks are waiting to catch those still harboring the decrepit OS unawares. Whether this could be true or not, it certainly seems like active vulnerabilities in the almost 13-year OS are accelerating. This makes it even more important to hustle through any migration plans that are in process or to kick start any that are stalled.

Today, Microsoft has announced a critical vulnerability in the Microsoft Windows Kernel that could allow elevation of privilege on Windows XP and Windows Server 2003. FireEye, Inc. reported the issue to Microsoft.

There is currently no fix available, however Microsoft has communicated a workaround that, when applied, will break telephony services which include Remote Access Service (RAS), dial-up networking, and virtual private networking (VPN).

The Security Advisory has been posted here: Microsoft Security Advisory (2914486)