Seems like Microsoft had gotten a little too confident about the security of its ageing Windows operating systems and fell asleep at the wheel after the success that was Windows 7. Apparently, the software giant had forgotten that there are large numbers of people who still rely on older versions of its Windows operating system for their daily computing needs, for a new zero-day exploit against pre-Vista operating systems have been discovered by a security firm known as VUPEN Security.
Security vulnerabilities are an unavoidable fact of computing life today, regardless on the type of operating system you are on. After all, there is only so much an OS's developers (or volunteers) can do to safeguard the system from potential attempts by hackers to gain access and wreck havoc in another person's PC: there are bound to be holes which the maintainers might have unintentionally overlooked.
Needless to say, this situation makes for a very common scenario for people on Microsoft's Windows operating system. After all, pre-Vista versions of the Windows operating system were often derided by security experts as having security holes big enough for the metaphorical bus to drive through, and it seems that the past has come back to haunt Microsoft in the form of a new zero-day exploit which targets…yes, you guessed it, Windows XP. More specifically, Windows XP Service Pack 3, along with Windows Server 2003 Service Pack 2.
Details of the vulnerability are as follows:
As can be seen from the screenshot above, Microsoft has yet to release a patch that fixes the hole, so the only way users can protect themselves from the exploit will be to filter both UDP and TCP ports 138, 139 and 445. And considering that Microsoft just had its Patch Tuesday done last week, suffice to say having an exploit discovered so soon after a security update is going to have to be a bit of an embarrassment.
That being said, we'd rather see this news in a more positive light: after all, would this not be the perfect excuse to upgrade that Windows XP-powered PC of yours to Windows 7?
Source: VUPEN Security