On the eve of the retirement of Windows XP SP 2 a new Day Zero
vulnerability plagues the Internet. Cyber criminals are currently
taking advantage of
vulnerability in Windows XP SP 2 shortcut files and a user
simply tricked in to viewing files contained on a USB stick can
trigger the vulnerability.
To date it has been reported that the exploit has only been seen
in limited targeted attacks however some of those attacks have been
against
critical infrastructure.
While properly securing the endpoint and its respective
removable media will go a long way in mitigating the risk of this
current issue consideration must be given to the fact that Windows
XP SP 2 will no longer have security patches made available by
Microsoft. Simply put with the retirement of Windows XP SP2 the
risk of continuing to operate it in the enterprise environment goes
up exponentially.
For those users that simply cannot move off of Windows XP SP2
significant risk can be mitigated using Application Control / White
Listing and gaining control of removable media with Device Control.
With that being said it is prudent to remind administrators that
software that is not regularly patched to the most current secure
version has no place operating in the enterprise environment.