Saturday, 30 November 2013

CVE-2013-5065: Microsoft Windows XP and Server 2003 Privilege escalation Zero-Day exploit discovered

Researchers at FireEye have discovered a new privilege escalation vulnerability in Windows XP and Windows Server 2003.

CVE-2013-5065, Local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit (CVE-2013-3346) that appears to target a patched vulnerability.
Microsoft has issued an advisory and warned that discovered bug in Windows XP's NDPROXY.SYS driver could allow hackers to run code in the system's kernel from a standard user account.

The exploit could allow a standard user account to execute code in the kernel, which may allow an attacker to gain privileges that would enable him to do various activities, including deleting or viewing data, installing programs, or creating accounts with administrative privileges.


"Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003," Microsoft advised.

Last April, Microsoft announced that they will discontinue its support of Windows XP by April 2014, mean XP users will no longer receive security updates provided by Microsoft.

Users are advised to upgrade their system with latest Adobe Reader software and also upgrade to Microsoft Windows 7 or higher version.

No comments:

Post a Comment