Microsoft is investigating attacks against Windows XP and Server 2003 via a vulnerability found in the wild that allows standard users to execute code in the kernel.
The local privilege escalation flaw does not permit remote code execution and works only in the old Windows offerings.
"The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights," Microsoft wrote in an advisory.
FireEye researchers Xiaobo Chen and Dan Caselden who discovered the flaw said it was used in conjunction with a since-patched Adobe Reader exploit targeting versions 9.5.4, 10.1.6, 11.0.02 and prior. It could allow users to bypass the Adobe sandbox.
"The exploit produces shellcode which decoded a PE payload from the PDF, drops it in the temporary directory, and executes it," they wrote.
_(36).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
_(1).jpg&h=140&w=231&c=1&s=0)
