Microsoft is warning about new reports of a vulnerability in a kernel component of Windows XP (and also in Windows Server 2003). Now the kernel is a computer program that translates requests from the software into instructions for the CPU and other components of the computer. So this vulnerability is at the heart of the system.
Microsoft’s Security TechCenter says they know about limited, targeted attacks to exploit this vulnerability.
The good news is that it doesn’t affect people using operating systems newer than XP. Vista, Windows 7 and Windows 8 & 8.1 users have nothing to worry about. Microsoft has been saying for a while that one of the reasons for ending support for XP in April 2013 is that the system just can’t stand up to modern day attacks. It’s a whole different world from when XP came out at the turn of the century.
How this attack works is that it elevates the privilege of the attacker. A person who successfully exploited the vulnerability could run any code they wanted on your computer. That person could install programs, see all of your data, delete data, change data or even create an account that gives him or her administrative rights to your computer or server.
Microsoft says they are currently working on a security fix and will provide the update when they figure out how fix it.
After XP support ends on April 8, 2014 – they’re won’t be any more security updates. If hackers exploit a vulnerability, no team of security experts at Microsoft is going to rush to fix it.