Cisco Blogs


MS14-063 A Potential XP Exploit

This post was written by Marcin Noga with contributions by Earl Carter and Martin Lee.

New vulnerabilities for old operating systems may not seem particularly interesting, until you consider the large number of legacy machines running outdated versions of Windows. Windows XP has reached its end of life, meaning that new vulnerabilities will not be patched. In this post we will show that a recent vulnerability can be used as a platform for exploiting Windows XP.

In October, Microsoft released a bulletin for a privilege escalation vulnerability in the FASTFAT driver:

MS14-063 — Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579), CVE-2014-4115.

Let me present some of the most interesting parts of the advisory and add some details from my own research.

When the bug kicks in…

In the advisory, Microsoft indicates that the following operating systems are vulnerable:

  • Microsoft Windows Server 2003 SP2
  • Vista SP2
  • Server 2008 SP2

The Microsoft bulletin does not mention Windows XP, since Windows XP is no longer supported. According to my research, however, this vulnerability is also present in the Windows XP FASTFAT driver.

See the following video.

This vulnerability can be exploited on Windows XP SP3 using a malicious USB stick with a malformed FAT32 partition. Let’s examine the reaction when the USB stick is inserted into the system.


The End of Support for Windows XP: Problem or Opportunity?

Last night, at midnight PST, Microsoft ended support for Windows XP.
While 12 years may seem an appropriate length of time to support a software product in today’s fast-changing world, this decision will have a major impact on the business operations of many companies whose IT infrastructure is based on the retiring operating system.

Through necessity, workarounds can likely be created for any technical issues that arise after this date. Of significantly more concern is the end of security updates. Without security updates, vulnerabilities exploited by malware will not be corrected. According to Microsoft, “PCs running Windows XP after April 8, 2014, should not be considered to be protected.” For any organization, whether large or small, this means an increasing risk over time of having servers successfully hacked and sensitive data exposed. What does this mean to IT and users? Again, according to Microsoft, “It means you should take action.”

One Week After April First, It’s No Joke

April first falls on a Tuesday next year. The following Tuesday is Microsoft’s monthly security update. It will be the last monthly security update for the Windows XP operating system. About one third of the computers with Windows operating systems on the Internet today are still running Windows XP, an operating system almost 15 years old. After the April 2014 update, issues with Windows XP will no longer be patched; Windows XP users should have already migrated to a more current Windows version. So with that, we present David Netterman’s Top Ten Security Related Reasons Why You Should Upgrade Your Computer’s Old Operating System: