Vulnerability being used in the wild in combination with exploit of patched Adobe Reader vulnerability.
Researchers at
FireEye
have discovered a new privilege escalation vulnerability affecting
Windows XP
and
Windows Server 2003
that is being used in the wild.
For those US-based system administrators who were hoping to spend the Thanksgiving weekend away from their networks,
Microsoft
has bad news. The company has issued an
advisory
on a new zero-day vulnerability that has been discovered in a kernel component of
Windows XP
and
Windows Server 2003
.
The vulnerability, which has been assigned the CVE number
CVE-2013-5065
, allows a local user to execute commands with the privileges of an administrator. It does not allow for remote code to be executed on the machine, but for an attacker who is able to do so using another vulnerability, or through social engineering, it will be rather valuable.
Researchers at
FireEye
, who
discovered
the vulnerability, say it is being used in the wild together with an exploit against a vulnerability in
Adobe Reader
. That vulnerability, however, has been patched in the latest
Reader
versions.
Apart from making sure the
Adobe Reader
version one uses is up to date,
Microsoft
encourages users to deploy a simple
workaround
.
Of course, upgrading to a newer version of
Windows
is a more permanent solution to this vulnerability, especially because no more patches for
Windows XP
will be issued after April 2014 (
Windows Server 2003
will continue to receive patches until July 2015). However, for various reasons, many organisations say they are not able to make the upgrade. In light of this, it may not come as a surprise that a poll run on this website shows that three out of four visitors support
Google
‘s
decision
to extend support for its
Chrome
browser on
Windows XP
beyond the operating system’s end-of-life.
Posted on 28 November 2013 by
Martijn Grooten
Leave a Reply