Vulnerability May Allow Privilege Escalation On Windows XP and Windows Server 2003

Microsoft has released advisory 2914486 (a.k.a. CVE-2013-5065) which warns that a vulnerability exists within the kernel of the now deprecated Windows XP and Windows Server 2003 kernel that could allow remote privilege escalation.

More specifically ndproxy.sys contains a bug that can allow a local user to elevate their privileges and this has indeed been discovered in the wild by FireEye. The exploit seen in the wild utilized specially crafted PDF document with embedded shellcode that it then executes, using the aforementioned exploit to obtain administrative privileges.

FireEye notes that using an updated version of Adobe Reader is one potential mitigation strategy. Despite XP’s end of life status it is imperative that Microsoft release a patch for what has the potential to become a very serious issue for the millions of legacy machines still in place at financial institutions, government departments and even residences around the world. Telling users to simply upgrade their PDF reader to one that will not allow the payload to execute is a band-aid solution. Microsoft must fix their kernel, especially in a product that they have vowed to continue extended support for until at least April 2014.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s