New vulnerability on Windows XP SP3

Discussion in 'other security issues & news' started by Nanobot, Jul 23, 2014.

  1. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    238
    Location:
    Neo Tokyo
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
    I'm surprised that there weren't more 0-day vulnerabilities disclosed for Windows XP in previous months. I'm sure there will be others following this one.
     
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    That is because you believed FUD/propaganda that originated from Microsoft :)

    But leaving that aside, while I'm sure that more vulnerabilities will be found in Windows XP, I don't think that their number will be as big as people were afraid it would be...
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
    Well, not really :) I just thought that hackers/agencies/governments would stockpile vulnerabilities and start using them after XP support has ended. Though they might be saving them and will use them when they'll need them.
     
  5. davews

    davews Registered Member

    Joined:
    Apr 8, 2014
    Posts:
    13
    "Affected Product: Bluetooth Personal Area Networking"
    So you have to have a Bluetooth device on your XP machine and, it seems, communicate with that device to inject the nasty. It would require the hacker to be within feet of your computer...
     
  6. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,016
    More vulnerabilities will soon emerge...;)
     
  7. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    No, it just requires that you have that driver installed and to be able to run code on that computer. However, if you don't use Bluetooth you don't even have that BthPan.sys unpacked on your XP computer (from my experience), so there is no chance for an attacker to exploit this vulnerability.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
    I checked my Windows XP VM installation and found BthPan.sys extracted in c:\windows\system32\drivers folder although I have no Bluetooth device installed. I also never installed or attached any BT device. However I don't know if the driver is loaded during system startup.
     
  9. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Use Sysinternals Autoruns to check whether it's loaded?

    Edit: or buy Windows 7 and some RAM. Or a decent used computer, Pentium D era or later. Seriously, I love messing around with old hardware, but there's a point at which the increased capabilities of new machines start to justify spending money. (Especially given the maintenance time that can go into maintaining old machines.)
     
    Last edited: Jul 24, 2014
  10. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  11. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Home or Pro?

    On my Home SP3 the only place where that file resides is inside c:\WINDOWS\Driver Cache\i386\sp3.cab
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
    Windows XP Pro Sp3 with all updates installed.
     
  13. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    That might explain the difference.
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
    I used Autoruns and it doesn't show it as loaded, so it looks like it's just extracted there in case the user ever attaches a BT device to the computer.

    I use Windows XP in Virtualbox for testing purposes only. I use Windows 8.1.1 for my computing...
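
Added example, not part of any post in this thread: the posts above separate three states for BthPan.sys (only inside sp3.cab, extracted to the drivers folder, actually loaded), and the sketch below classifies a host from captured `sc query` / `sc qc` output plus a file-presence flag. The service name `BthPan` and the sample outputs are assumptions constructed for illustration; confirm the real name and output on the machine being checked.

```python
import re

SERVICE = "BthPan"  # assumed service name for BthPan.sys; confirm on the host

# Constructed samples in the layout printed by `sc query` / `sc qc`.
QUERY_STOPPED = """
SERVICE_NAME: BthPan
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)
"""
QC_DEMAND = """
SERVICE_NAME: BthPan
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 3   DEMAND_START
        BINARY_PATH_NAME   : system32\\DRIVERS\\bthpan.sys
"""
# Constructed: what `sc query` prints when no such service is registered.
QUERY_MISSING = "[SC] EnumQueryServicesStatus:OpenService FAILED 1060:\n"


def _field(text, name):
    """Return the symbolic value of a 'NAME : <n>  VALUE' line, or None."""
    m = re.search(rf"^\s*{name}\s*:\s*\d+\s+(\w+)", text, re.MULTILINE)
    return m.group(1) if m else None


def driver_state(file_on_disk, sc_query_out, sc_qc_out=""):
    """Classify a driver from captured `sc` output and a file-presence flag."""
    if "FAILED 1060" in sc_query_out:
        # No service entry: the .sys file is at most sitting on disk.
        return "file-only" if file_on_disk else "absent"
    state = _field(sc_query_out, "STATE")
    if state is None:
        return "unknown"  # output not recognised; do not guess
    if state == "RUNNING":
        return "loaded"
    if _field(sc_qc_out, "START_TYPE") == "DISABLED":
        return "registered-disabled"
    return "registered-not-loaded"


if __name__ == "__main__":
    print(SERVICE, driver_state(True, QUERY_STOPPED, QC_DEMAND))
```
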
     
  15. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,002
    Location:
    USA
    Same here. Can you just blacklist that driver? Or because I'm using Driver Radar Pro, can it just be removed from my DRP Whitelist?
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    CVE-2014-4971 includes more than has been mentioned in this thread so far.
     
  17. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    They might not be nice enough to tell us what they have :).
     
  18. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Interesting, indeed. From the link you posted, it seems that there are two different vulnerabilities that are exploited in (roughly) the same way.
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,067
    I wouldn't count on it :)
     
  20. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    438
    Location:
    The Outer Limits
    It's kind of exciting, the start of the avalanche and kind of, is that all?

    Regards Eck:)
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047

    Yawn, the same old mantra. I have a perfectly healthy Lenovo Tablet that runs XP Tablet. Upgrading it would be a mess. I see no reason to as the software that protected it for the 3 years I did no Windows updates is still protecting it. No infections.
     
  22. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
  23. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    LOL! I have a Lenovo Tablet that I use to get my car out of snow drifts as the all Chinese bits give extra grip. Seriously, no one would keep an aged non-supported O/S in service with anything important on it.
     
  24. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    That link is more Microsoft FUD. You didn't read what I wrote. I haven't done Windows updates on that machine for 3 years, I repeat 3 years. I've used the same software to protect it that I am still using. NO INFECTIONS. I see no reason to retire it until it fails.

    And no I wouldn't even consider that SP4
     