Cisco warns of serious unpatched Windows XP vulnerability

Networking equipment developer Cisco warns Windows XP users of a vulnerability that allows attackers to take full control of a computer using a USB stick. The vulnerability exists in the Windows XP FAT32 file system driver.


Microsoft patched the vulnerability in October for Windows Server 2003, Windows Vista and Windows Server 2008. Windows XP with Service Pack 3 is also vulnerable, according to Marcin Noga of Cisco. Because XP no longer receives security patches from Microsoft, the vulnerability will not be fixed there. To exploit it, an attacker can plug a malicious USB stick carrying a malformed FAT32 partition into a vulnerable system.

The problem is caused by vulnerable code in the FastFAT.sys driver and can be triggered with a malformed FAT32 boot sector on a USB stick. The boot sector causes a "pool overflow" in kernel memory, which allows the attacker to elevate privileges and gain administrator rights. According to Noga the vulnerability is hard to exploit, but it shouldn't be ignored.
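The article does not say which boot-sector field FastFAT.sys mishandles, so the following added example (not code from Cisco, Microsoft or the article) shows the defender-side check a practitioner would run on a USB image before letting a legacy host mount it: it decodes the FAT32 BIOS Parameter Block and flags geometry that a driver trusting the fields would turn into out-of-bounds memory access. The field layout comes from the FAT specification; `build_boot_sector` is a constructed sample image, not a real device.

```python
import struct

# FAT32 boot-sector field layout (bytes 0..51) as given in the FAT specification.
_BPB = struct.Struct("<3s8sHBHBHHBHHHIIIHHIHH")
_FIELDS = ("jmp", "oem", "bytes_per_sec", "sec_per_clus", "rsvd_sec", "num_fats", "root_ent_cnt",
           "tot_sec16", "media", "fat_sz16", "sec_per_trk", "num_heads", "hidd_sec", "tot_sec32",
           "fat_sz32", "ext_flags", "fs_ver", "root_clus", "fs_info", "bk_boot_sec")

def check_fat32_boot_sector(sector: bytes) -> list:
    """Return the list of sanity-check failures; an empty list means the geometry is consistent."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xAA":
        return ["missing 0x55AA boot signature"]
    b = dict(zip(_FIELDS, _BPB.unpack_from(sector, 0)))
    bps, spc, rsvd = b["bytes_per_sec"], b["sec_per_clus"], b["rsvd_sec"]
    problems = []
    if bps not in (512, 1024, 2048, 4096) or spc == 0 or spc > 128 or spc & (spc - 1):
        problems.append(f"bytes_per_sec {bps} / sec_per_clus {spc} outside the legal values")
    if rsvd == 0 or b["num_fats"] not in (1, 2):
        problems.append("rsvd_sec must be non-zero and num_fats must be 1 or 2")
    if b["root_ent_cnt"] or b["tot_sec16"] or b["fat_sz16"]:
        problems.append("FAT12/16-only fields must be zero on FAT32")
    if b["tot_sec32"] == 0 or b["fat_sz32"] == 0 or b["root_clus"] < 2:
        problems.append("tot_sec32, fat_sz32 and root_clus must be set for FAT32")
    if b["fs_info"] >= rsvd or b["bk_boot_sec"] >= rsvd:
        problems.append("FSInfo/backup boot sector lie outside the reserved region")
    if problems:
        return problems  # per-field errors: skip the cross-field arithmetic on garbage input
    # Cross-field geometry: the FAT must hold an entry for every data cluster, otherwise a
    # driver that trusts these fields reads and writes past the buffer it sized for the FAT.
    data_sectors = b["tot_sec32"] - (rsvd + b["num_fats"] * b["fat_sz32"])
    if data_sectors <= 0:
        return ["reserved area plus FATs exceed tot_sec32"]
    clusters = data_sectors // spc
    if clusters < 65525:
        problems.append(f"{clusters} clusters is too few for FAT32 (minimum 65525)")
    if b["fat_sz32"] * bps < (clusters + 2) * 4:
        problems.append("fat_sz32 is too small to hold an entry for every cluster")
    return problems

def build_boot_sector(**overrides) -> bytes:
    """Constructed sample: a consistent 64 MiB FAT32 boot sector; keyword arguments override fields."""
    f = dict(jmp=b"\xEB\x58\x90", oem=b"MSWIN4.1", bytes_per_sec=512, sec_per_clus=1, rsvd_sec=32,
             num_fats=2, root_ent_cnt=0, tot_sec16=0, media=0xF8, fat_sz16=0, sec_per_trk=63,
             num_heads=255, hidd_sec=0, tot_sec32=131072, fat_sz32=1024, ext_flags=0, fs_ver=0,
             root_clus=2, fs_info=1, bk_boot_sec=6)
    f.update(overrides)
    sector = bytearray(512)
    _BPB.pack_into(sector, 0, *(f[k] for k in _FIELDS))
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)
```

Run `check_fat32_boot_sector` on the first 512 bytes of a partition image; a non-empty list is a reason to quarantine the stick rather than mount it on an unpatched host.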

"This vulnerability is obviously a serious issue for users who are still running Windows XP. Unfortunately, due to Windows XP being no longer, the vulnerability is not going to be patched. Therefore, users will need to upgrade to a newer version of Windows to be safe from this particular vulnerability", according to the researcher. Trend Micro had also warned about this specific vulnerability earlier, but did not mention that it affects Windows XP users as well.


There's also another option: changing a registry value in Windows XP. The trick relies on the fact that, while Microsoft has ended support for XP, it continues to support Windows Embedded PoSReady 2009, an OS based on the XP kernel, until 2019. The registry key tricks Windows Update into thinking you're actually running PoSReady 2009 and are therefore still entitled to updates. There's no guarantee all updates will work perfectly, since XP and PoSReady 2009 aren't exactly the same OS. The trick only works on the 32-bit version of XP.
