Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft warns Windows XP, Server 2003 users of zero day flaw

2 min. read

Published onNovember 29, 2013

published onNovember 29, 2013

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Customers still on Windows XP, and there are many thanks to corporate IT departments, have a number of reasons to be concerned. The biggest of which is that the operating system is scheduled to die this coming April. No, it won’t suddenly stop working, you’ll still be able to boot up your computer and continue on your merry way, but Microsoft will no longer support it. That’s important, because it means that bugs and security flaws will not be patched.

Now Microsoft is warning of one of those flaws, in the form of a new zero day vulnerability in the vintage OS. Advisory 2914486 states that the company “is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability.” The software giant does promise that this bug does not affect newer versions of Windows, only those on XP and Server 2003 have reason for concern.

Security researchers atSophosexplain the problem as a “bug is in the NDPROXY.SYS driver, which co-ordinates the operation of Microsoft’s Telephony API (TAPI).” The researchers go on to announce that instances have been found in the wild. Sophos also claims that, due to the nature of the exploit, it presents a rather tough problem, when it comes to finding a solution. That’s never what you wish to hear, especially if you have hundreds of these systems deployed in your business.

At the moment, there is no solution for the problem. The company states only that “upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.” In other words, all Microsoft can really do right now is tell customers to stay calm and hope for the best.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Radu Tyrsina