Hackers Retirement Party For Win XP SP2 and you're not invited


On the eve of the retirement of Windows XP SP 2 a new Day Zero vulnerability plagues the Internet. Cyber criminals are currently taking advantage of vulnerability in Windows XP SP 2 shortcut files and a user simply tricked in to viewing files contained on a USB stick can trigger the vulnerability.

 

To date it has been reported that the exploit has only been seen in limited targeted attacks however some of those attacks have been against critical infrastructure.

 

While properly securing the endpoint and its respective removable media will go a long way in mitigating the risk of this current issue consideration must be given to the fact that Windows XP SP 2 will no longer have security patches made available by Microsoft. Simply put with the retirement of Windows XP SP2 the risk of continuing to operate it in the enterprise environment goes up exponentially.

 

For those users that simply cannot move off of Windows XP SP2 significant risk can be mitigated using Application Control / White Listing and gaining control of removable media with Device Control. With that being said it is prudent to remind administrators that software that is not regularly patched to the most current secure version has no place operating in the enterprise environment.