The vulnerability, CVE-2015-2418, was reported to Microsoft by James Forshaw of Google’s Project Zero research team and will be addressed in version 5.26 of the MSRT. “An attacker could then install programs view, change, or delete data or create new accounts with full administrative rights.” An authenticated attacker who successfully exploited the vulnerability could elevate privileges on a target system,” the advisory said. “The vulnerability could allow elevation of privilege if an attacker logs on to a target system and places a specially crafted dynamic link library (.dll) file in a local directory. Microsoft said yesterday that it had updated the MSRT to patch a race condition flaw that would allow an attacker with credentials to elevate privileges on a compromised system Microsoft also released a pair of security advisories that merit attention, in particular one warning of a vulnerability in the Malicious Software Removal Tool, a utility that removes malware infections from supported versions of Windows. In case you’re keeping score, there have been three Adobe Flash Player zero days, another in the Windows kernel, and a Java 0day. All of the zero-day vulnerabilities uncovered in the Hacking Team breach to date were fixed. The news was buried in an avalanche of patches not only from Microsoft, but also from Adobe and Oracle. Netmarketshare, however, reports that XP still holds 12 percent of the desktop market share, and a number of breaches, in particular those in the retail and hospitality space, involved point-of-sale servers still running the 14-year-old OS. Microsoft said last year that signatures and updates for Microsoft Security Essentials would continue for a limited time, and the Microsoft Malicious Software Removal Tool would also be available for XP users for a limited time.īoth expired yesterday as Microsoft reaffirmed that customers should move on to current versions of the operating system. Keeping to its word, Microsoft ended security support for existing Microsoft Security Essentials customers running Windows XP, a little more than a year after support officially ended April 8, 2014. Navy document showed that it had extended a support contract with Microsoft for two more years meaning that its systems will continue to receive XP security patches until 2017.įor other XP installations that have not entered into similar commitments, the clock ran out yesterday on signatures. Yes, there are still some rather large organizations maintaining their investments in Windows XP, as we recently learned when an unclassified U.S.
0 kommentar(er)
