Security Protection – Harry Waldron MVP Rotating Header Image

Windows XP exploit – works in concert with Adobe Reader vulnerability

Home and corporate users will benefit greatly in phasing out Windows XP, for the more secure kernel and browser architectures offered by Windows 7 and 8.1 … PC Magazine shares awareness of new vulnerability affecting older Windows XP version only.

http://securitywatch.pcmag.com/vulnerabilities/318465-latest-microsoft-zero-day-targets-xp-unpatched-adobe-reader

http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html

QUOTE: Microsoft confirmed a zero-day vulnerability in Windows XP and Windows Server 2003 is currently being exploited in active attacks. If you are still running XP, why don’t you put a new computer on your wish list?  Originally reported by researchers at FireEye, the the issue is an elevation of privilege flaw which allows an attacker to run arbitrary code in kernel mode. By exploiting this bug, an attacker could install additional programs, view or modify data, or create new administrator accounts on the computer, Microsoft said in its security advisory, released on Wednesday. Microsoft also said the attackers must first log in with valid account credentials to launch the exploit, and the vulnerability cannot be triggered remotely or by anonymous users.  “It is being abused in the wild in conjunction with an Adobe Reader vulnerability that had a fix published in August 2013,” said Wolfgang Kandek, CTO of Qualys. Users running outdated versions of Adobe Reader 9, 10, and 11 on Windows XP SP3, FireEye researchers Xiaobo Chen and Dan Caselden wrote on the company blog. Chen and Caselden recommended. Later versions of Windows are not affected.

Comments are closed.