Windows XP NDProxy vulnerability remains unpatched

A serious vulnerability affecting Windows XP and Windows Server 2003 was recently discovered. Microsoft issued advisory 2914486 to warn users about the vulnerability and recommend workarounds, but so far has not released a patch.

This vulnerability is being actively exploited through a specially crafted PDF file. Opening such a file on a computer running Windows XP can result in an attacker gaining access to the computer.

The single workaround suggested in advisory 2914486 has some undesirable side-effects, including disabling VPN. But it may be better than the alternative, especially for users who frequently receive and open PDF files on Windows XP computers.

The usual advice applies: exercise extreme caution when browsing the web, clicking links in email, opening email attachments and opening files from unknown sources. When in doubt, don’t do it.

A post on the SANS ISC Diary blog has more, including a warning that these types of vulnerabilities may become much more common after Microsoft stops supporting Windows XP in April 2014. SANS has even coined a term for this event: Winmageddon.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.
