Microsoft is warning people still running Windows XP and Windows Server 2003 to beware of a newly-discovered vulnerability that is apparently already being exploited. The big lesson here? If you’re still running XP at this late stage, you have only yourself to blame.
Microsoft’s announcement of the bug doesn’t give a lot of detail, though it does note that exploiting the issue requires a local logon and can’t be done remotely. More disturbing? “We are aware of limited, targeted attacks that attempt to exploit this vulnerability.”
It’s understandable that Microsoft hasn’t given full details, since that would make it easier for others to exploit the vulnerability. What’s less understandable is why anyone is still running XP five months before Microsoft switches it off altogether. While migrating now will be potentially painful, it’s certainly better than the alternative.