Hackers now crave patches, and Microsoft's giving them just what they want
At least one of next Tuesday's updates looks like an excellent candidate to hackers as they sniff for bugs in the now-retired Windows XP
Computerworld - Hackers will have at least one, perhaps as many as four, patches next week to investigate as they search for unfixed flaws in Windows XP, the 13-year-old operating system that Microsoft retired from support April 8.
"Come Tuesday, Microsoft will be patching some vulnerabilities in Windows, and it is realistic to assume that at least one of these will also affect Windows XP," said Kasper Lindgaard, director of research and security at Secunia, in an email Friday. "Generally speaking, newly discovered vulnerabilities in XP will be unpatchable for private users, and therefore we will see a rise in attacks."
On May 13, Microsoft's regularly scheduled monthly Patch Tuesday, the Redmond, Wash., company will issue eight security updates for its software. But because it has stopped providing updates to owners of Windows XP PCs, those customers will not see any of the eight.
Hackers will use the patches to hunt for vulnerabilities in Windows XP, Microsoft and security experts have said. By comparing code before and after a patch, attackers may be able to figure out where a vulnerability lies in Windows 7 -- which will be patched -- then sniff around the same part of XP's code until they discover the bug there. From that point, it will be relatively straightforward for them to craft an exploit and use it against unprotected XP PCs.
"Patches to the other Windows operating systems will be reverse engineered by hackers, seeking to discover which vulnerabilities were fixed by Microsoft, and if applicable, modified to work against Windows XP," Lindgaard said.
He's not the only one who believes hackers will leverage updates to find unpatched bugs in XP. So does Microsoft.
"After April , when we release monthly security updates for supported versions of Windows, attackers will try and reverse engineer them to identify any vulnerabilities that also exist in Windows XP," said Dustin Childs, director of Microsoft's Trustworthy Computing group, last October. "If they succeed, attackers will have the capability to develop exploit code to take advantage of them."
Four of the eight scheduled security updates that Microsoft plans to ship next week look like candidates for hackers because they will affect all client versions of Windows, including Windows Vista, Windows 7, Windows 8 and Windows 8.1. Before Microsoft stopped pushing patches to XP, it was rare for an update to fix one or more newer editions of Windows, but not patch XP at the same time.
One of the four will impact all instances of IE, so there's a very high chance that that update would have patched the pertinent editions of the browser -- IE6, IE7 and IE8 -- on Windows XP if Microsoft had continued updating the old OS. The upcoming fix for IE was rated "critical," Microsoft's highest threat warning, and was also tagged with the phrase "remote code execution" in last week's advance notification, meaning that if successfully exploited, attackers could hijack the PC and plant malware on its drive.