Cross-Post from Security list sent by Susan Bradley. See below.

Microsoft Releases Security Advisory 2914486 - MSRC - Site Home - TechNet Blogs:
http://blogs.technet.com/b/msrc/archive/2013/11/27/microsoft-releases-security-advisory-2914486.aspx

On 11/27/2013 2:39 PM, Susan Bradley wrote:
> Microsoft Security Advisory (2914486): Vulnerability in Microsoft
> Windows Kernel Could Allow Elevation of Privilege:
> https://technet.microsoft.com/en-us/security/advisory/2914486
>
> MS Windows Local Privilege Escalation Zero-Day in The Wild | FireEye
> Blog:
> http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html
>
>
> FireEye Labs has identified a new Windows local privilege escalation
> vulnerability in the wild. The vulnerability cannot be used for remote
> code execution but could allow a standard user account to execute code
> in the kernel. Currently, the exploit appears to only work in Windows XP.
>
> This local privilege escalation vulnerability is used in-the-wild in
> conjunction with an Adobe Reader exploit that appears to target a
> patched vulnerability. The exploit targets Adobe Reader 9.5.4, 10.1.6,
> 11.0.02 and prior
> <http://www.adobe.com/support/security/bulletins/apsb13-15.html> on
> Windows XP SP3. Those running the latest versions of Adobe Reader
> should not be affected by this exploit.
>
> Post exploitation, the shellcode decodes a PE payload from the PDF,
> drops it in the temporary directory, and executes it.
>
> *Mitigations*
>
> The following actions will protect users from the in-the-wild PDF
> exploit:
> 1) Upgrade to the latest Adobe Reader
> 2) Upgrade to Microsoft Windows 7 or higher
>
> This post was intended to serve as a warning to the generic public. We
> are collaborating with the Microsoft Security team on research
> activities. Microsoft assigned CVE-2013-5065 to this issue.
>
> We will continue to update this blog as new information about this
> threat is found.
>
> [Update]: Microsoft released a security advisory 2914486
> <http://technet.microsoft.com/en-us/security/advisory/2914486> to this
> issue.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
Work:401-255-2497

