If you need another reason to upgrade from Windows XP or Server 2003, then the new zero-day exploit is the 'tip of the iceberg.' Microsoft can preach about the evils of clinging to Windows XP all that the company wants, but the desktop operating system market share for November 2013 still shows Windows XP at over 31%, according to NetMarketShare. Windows 7 is the most popular OS, at 46.6%. What’s really sad is that more users have the hated Windows Vista, 3.57%, than Microsoft’s newest offering Windows 8.1, which is only on 2.64% of desktop PCs. Windows 8 came in with an unlucky 666, or 6.66%.Yet users still stuck on XP should take note of Microsoft Security Advisory 2914486, which warns of yet another XP zero-day in the wild. Microsoft said it was aware of “limited, targeted attacks” exploiting “a vulnerability in a kernel component of Windows XP and Windows Server 2003.”The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.On Nov. 27, FireEye Labs identified the new zero-day and warned:This local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability. The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit.The description for CVE-2013-5065 states, “NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.” NDProxy “is a system-provided driver that interfaces WAN miniport drivers, call managers, and miniport call managers to the Telephony Application Programming Interfaces (TAPI) services.” Microsoft explained that “an attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrator rights.” A temporary fix is to reroute the NDProxy service to Null.sys, but that breaks other TAPI services such as Remote Access Service (RAS), dial-up networking, and virtual private networking (VPN).You can keep hating Windows 8 if you want, but you must at least upgrade to Windows 7. Support for XP ends on April 8, 2014. “The real story is that this zero day is just the tip of the iceberg. Malware authors today are sitting on their XP zero day vulnerabilities and attacks, because they know that after the last set of hotfixes for XP is released in April 2014 that their exploits will work forever against hundreds of thousands (millions?) of XP workstations,” wrote Metafore’s Rob VandenBrink on SANS Internet Storm Center. “If you are still running Windows XP, there is no project on your list that is more important than migrating to Windows 7 or 8. The ‘never do what you can put off until tomorrow’ project management approach on this is on a ticking clock, if you leave it until April comes you’ll be migrating during active hostilities.”If you upgrade to Windows 8, or the newest flavor of 8.1, then you might also want to consider investing in a touchscreen monitor, an all-in-one PC, or a hybrid tablet/laptop as Microsoft, and therefore Microsoft One, believes in touch as the future.Like this? Here’s more posts:Hollywood’s anti-piracy propaganda turned into K-12 curriculum in CaliforniaHow Microsoft invented, or invisibly runs, almost everythingMicrosoft cybersecurity report warns users about the evils of clinging to XPDrivers beware: Roadblocks where cops collect ‘voluntary’ blood and saliva samplesCryptoLocker crooks charge 10 Bitcoins for second-chance decryption serviceThat’s no poltergeist invading your privacy: Spooky spying hacks make homes seem hauntedPorn-surfing corporate bosses infect networks, then keep data breaches a secretOne million Xbox One consoles sold but Microsoft’s cloud choked on launch dayLG Smart TV spying, owner claims his USB filenames posted on LG serversIf the future is ‘One Microsoft,’ should you invest in a touchscreen monitor?LG Smart TV spying whiplash: LG removes Smart Ad video and changes statementFollow me on Twitter @PrivacyFanatic Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe