Last month I said “I am sure that the bad guys have been saving up exploits for XP that they are just now unleashing – hoping that Microsoft will never fix them.” With MS14-021 it looks like the bad guys were doing just that. And fortunately Microsoft made an exception and included XP in the fix – this time.
I’ve decided to expand the scope of this upcoming webinar on XP security and how you can protect yourself from XP and its malingering (phonetic-literal sense) presence. There’s more you can do than you might think.
In addition to covering Data Execution Protection in XP SP2 we will also discuss the MS14-021 0-day exploit. There’s a lot that can be learned from it – especially the work around offered by Microsoft which involves disabling the little-used Vector Markup Language. XP is a huge amount of code but most installations of XP today only use a comparatively small portion of the OS. So reducing XP’s attack surface is a major step in the right direction for an operating system that you no longer receive patches for. We’ll look at how you can do that in terms of:
- Uninstalling unneeded features
- Stopping unneeded services
- Disabling unneeded features
But another underutilized resource for securing XP is the Enhanced Mitigation Experience Toolkit (EMET). EMET still offers a significant amount of functionality that helps lockdown XP including:
- DEP
- SEHOP
- NULL page
- EAF
- Bottom-up
- Load library checks
- Memory protection checks
- Simulate execution flow
- Stack pivot
So I’ll show you EMET and what it takes to deploy that, what the management load is, etc. Finally we’ll look at some advanced features in Internet Explorer, some that apply to XP and some that don’t, such as Enhanced Protection Mode to increase protection against 0-day exploits.
But even with all the practical tips I will cover, at the end of the day, XP and resources from Microsoft for XP are static – frozen in time – but the bad guys are not. The only way to fully address XP security issues until you can finally migrate way from it is to enlist the help of someone that is actively improving their security technology to stay ahead of the bad guys advances. That’s why I’ve asked CarbonBlack to sponsor this webinar. After my presentation discussing native controls in XP, Christopher Strand will show how CarbonBlack trusted platform and advanced memory protection can protect legacy XP systems with multiple layers of defense.
This will be a highly technical, real training for free ™ event so don’t miss it.
Please register now!