
Microsoft Windows XP Vulnerability Allows Users to Elevate Themselves to Admins

December 2, 2013 | March 7th, 2023 | Blog, Cybersecurity

If you’re still working with XP, now may be an excellent time to upgrade; the bug reports continue to increase, and Microsoft just issued a new one that could potentially damage a business’ internal infrastructure.

As of the 27th, Microsoft has launched an official security advisory for all Windows XP users. While instances of the vulnerability have been limited at best, there have still been a number of reports. The new bug allows a user – say, a limited-use user of a computer that has a different admin – to elevate themselves to the admin position on any machine. While in some ways this may be harmless, almost anyone exploiting this flaw in XP would likely use it to view, change, or delete data or accounts, in addition to having the ability to run malicious code in kernel programs to collect or damage important data.

Microsoft assures its XP users that they are working on correcting this flaw as soon as possible and that an update will be available soon. The company also mentions that an intruder must have a valid login to the computer in the first place and cannot take advantage of a locked machine that’s password protected. Furthermore, no reports have been made of any sort of remote access, even if the computer is logged in and in use.

Microsoft states that once its investigation is complete, it believes the easiest way to deal with the issue will be to release an early security update or, if a simple update cannot fix it, to change the way the obsolete login works in the next monthly update, coming up in January.

XP has been around for over a decade now and is Microsoft’s oldest version of Windows that still maintains an update schedule. Support for XP will be ending early next year, so problems such as the one above will no longer be repaired officially through Windows security updates.

The official security advisory can be found here along with the suggested actions.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. In his more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.