Monday, April 21, 2014

New Bug Exploit For Windows XP

Windows XP's ndproxy.sys driver is in deep trouble: Microsoft has reported a new zero-day exploit that targets it. According to the security vendor Sophos, the driver is involved in the operation of Microsoft's Telephony API.

What Sophos' Paul Ducklin Says
In a blog post, Sophos' Paul Ducklin commented, "Even though EoP (Elevation of Privilege) holes aren't directly exploitable by remote attackers, cybercriminals can combine an EoP with a conventional exploit, such as a drive-by malware attack against your browser or other content-rendering software".

No patch release

No patch has yet been released to counter the exploit. Windows 2003 and Windows XP are the two main versions of the Windows operating system that have succumbed to it.

Tweaking the registry

To protect against the bug, Ducklin says that a "simple registry tweak" is all that is needed. Ducklin also says that an attacker who uses the exploit to full effect could "run arbitrary code in kernel mode." He also says, "An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights." He also mentioned that kernel mode "is like being an administrator's administrator".

Upgrade from Windows XP


Therefore, to avoid these problems altogether, the best option Ducklin suggests is to move to a more recently released version of Windows, such as Windows 7. With support for Windows XP already over, Microsoft urges its Windows XP customers to move to its latest operating systems. Windows Vista, Windows 7 and Windows 8 were all released after Windows XP, and Windows 7 has turned out to be a runaway success with the largest number of users around the world.

'Interim workaround' from Microsoft

Microsoft has come up with an 'interim workaround' that stops the problematic NDPROXY.SYS driver from loading; an empty driver file is loaded in its place. Ducklin also says, "Simply deleting the file won't do, as the Windows driver cache will helpfully restore it for you. (Anyway, deleting the file is permanent and thus a hassle to reverse if it doesn't work out)".

Bug exploits can be a huge concern for customers. To get assurance from Microsoft regarding the working of their OS, they may contact the Windows tech support center. The Windows tech support center is the premier tech support service, providing Windows customers with the best solutions and assistance.
