Update on Latest Zero-Day Windows XP and Windows Server 2003 Vulnerability

Right before the Thanksgiving break, Microsoft confirmed a flaw in Windows XP and Windows Server 2003 that could result in an elevation of privilege. New information has come to light on the issue.

Rod Trent

December 2, 2013

2 Min Read
Update on Latest Zero-Day Windows XP and Windows Server 2003 Vulnerability

Right before the Thanksgiving break, Microsoft confirmed a flaw in Windows XP and Windows Server 2003 that could result in an elevation of privilege. You can catch all the details here: Microsoft Announces New Zero-Day Flaw Targeting Windows XP and Windows Server 2003.

New information has come to light on the issue. The exploit is centered on earlier Adobe Reader versions and updating to the latest Adobe Reader will help eliminate the potential for disaster. Adobe has long been a common attack point on Windows PCs, and the company has never been able to shake the public perception of producing a highly unsecure software. Back in August 2013, Adobe initiated an effort to try and change public opinion, which really came about 5 years too late. In What Adobe Has Done to Improve Security, they communicated their determination and provided some very logical methods for moving forward. However, Adobe also has a consumer problem. The majority of consumers just want their computer to work without having to install constant updates. I can't tell you how many times I've seen friends and family continue clicking the "remind me later" button for updates. Adobe has improved security in their most current releases, however unless the end-user willingly updates, Adobe's security sentiment still sits in the can.

Reader versions all the way up to 11.0.02 are vulnerable, causing the issue.

In Microsoft Security Advisory (2914486), Microsoft has offered a workaround, but that workaround breaks certain telephony functions on a PC running the older operating systems.

Others have offered other mitigations, including:

  1. Upgrade the latest Adobe Reader (most sensible and immediate)

  2. Upgrade to Microsoft Windows 7 or higher

Windows XP loses life on April 8, 2014 and many are now scrambling to upgrade before the deadline. Even for those sitting midway in their Windows XP migration projects would have to work 24 hours a day to upgrade the OS just to minimize the attack of an Adobe Reader flaw. It's much easier to just deploy the latest Adobe Reader version and get back to normal operations – for a while.

About the Author

Rod Trent

Rod Trent

See more from Rod Trent
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

a stressed employee at their laptop and collaboration icons gone amok
Unified Communications
Microsoft Teams Is Acting Up. What Can We Do?Microsoft Teams Is Acting Up. What Can We Do?
byBrien Posey
Sep 12, 2024
4 Min Read
person placing a block between two columns of blocks
IT Management
Data Skills Gap Is Hampering Productivity; Is Upskilling the Answer?Data Skills Gap Is Hampering Productivity; Is Upskilling the Answer?
byNathan Eddy
Sep 7, 2024
7 Min Read
data privacy quiz sample question above a desk
Data Privacy
Data Privacy Quiz: 20 Questions To Test Your KnowledgeData Privacy Quiz: 20 Questions To Test Your Knowledge
byIan Horowitz
Aug 30, 2024
1 Min Read
Exclusive ITPro Resources
See all ITPro Resources

Featured How Tos

tablet with "cloud computing" on the screen on top of financial documents and calculator
Cloud Computing
Guide to Cloud Computing ETFsGuide to Cloud Computing ETFs
A cartoon of a person sitting at a computer, with speech bubbles—one from the person saying Hello and one from the computer responding with Hello
PowerShell
PowerShell Speech Recognition: How To Set up Voice Commands and ResponsesPowerShell Speech Recognition: Set up Voice Commands and Responses
Migrating From VMware Guide cover
VMWare
Migrating From VMware: Guide to a Successful TransitionMigrating From VMware: Guide to a Successful Transition
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up
Trending

Recent What Is

list of domains within the umbrella category of IT security
IT Security
What Is IT Security? Essentials of IT Security ExplainedWhat Is IT Security? Essentials of IT Security Explained
ITPro Today's tech careers quick reference guide cover
Career Management
Tech Careers: Quick Reference Guide to IT Job TitlesTech Careers: Quick Reference Guide to IT Job Titles