2 December 2013

Microsoft has issued a warning about a critical vulnerability affecting Windows XP and Windows Server 2003 systems.

Most private, home users are unlikely to be affected because the vulnerability cannot be exploited remotely. An attacker requires logon access to your computer to exploit this weakness.

An attacker who can get logon access could use this vulnerability to install programs, or to view, change or delete data.

A remote attack may be possible if an attacker uses another method or malware to gain access to your system first, before exploiting this new vulnerability. There have been reports of attackers combining a separate (old) flaw in Adobe Reader with this new vulnerability.

The Adobe Reader vulnerability is applicable only to older versions of Adobe Reader (and has since been patched by Adobe). If you are using the latest version of Adobe Reader, you will not be affected.

Microsoft has issued recommendations for a workaround (found under the suggested actions menu) to restrict the vulnerability in the operating system. However, these require some technical experience to carry out, and will stop some services on your computer from working, including Remote Access Services (RAS) and Virtual Private Networking (VPN).

If you use Windows XP (or Windows Server 2003) you should ensure your operating system is up to date.

Ensure you are using the latest version of Adobe Reader.

Make sure you are using up-to-date security software.

If you must keep using XP, Server 2003 and Adobe Reader versions that may leave you vulnerable, you should consider the suggested workaround.

After April 2014, Windows XP will no longer be supported by Microsoft. You should be preparing to update your operating system before this deadline.

More information

Further description by security firm FireEye that first identified the vulnerability.

Microsoft’s advisory and recommendations about the vulnerability.

Stay Smart Online steps for securing your computer.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.




This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.



© 2013 Australian Government. All rights reserved
