Microsoft has said that it is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003.
Saying in an advisory that it is aware of limited, targeted attacks that attempt to exploit this vulnerability, it confirmed that the flaw is exclusive to users of XP and Server 2003 and that the vulnerability is an elevation of privilege. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights,” it said.
Wolfgang Kandek, CTO of Qualys, said: “This acknowledges a kernel vulnerability that can be used to gain administrator privileges. It is being abused in the wild in conjunction with a Adobe Reader vulnerability that had a fix published in August 2013.
“Users that have the latest version of Adobe Reader are immune to the attack, as well as users that are running on Windows Vista or later.”
Research by FireEye found that the vulnerability cannot be used for remote code execution, but could allow a standard user account to execute code in the kernel. It recommended upgrading to Windows 7 or higher, and upgrading to the latest version of Adobe Reader.