11-27-2013 03:56 PM - edited 11-27-2013 03:59 PM
Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege:
MS Windows Local Privilege Escalation Zero-Day in The Wild | FireEye Blog:
FireEye Labs has identified a new Windows local privilege escalation vulnerability in the wild. The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP.
This local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability. The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit.
Post exploitation, the shellcode decodes a PE payload from the PDF, drops it in the temporary directory, and executes it.
The following actions will protect users from the in-the-wild PDF exploit:
1) Upgrade to the latest Adobe Reader
2) Upgrade to Microsoft Windows 7 or higher
Webroot® SecureAnywhere™ Internet Security Complete Beta Tester v188.8.131.52 on my main system Alienware 17R2 with Windows 10 Professional x64 Version 1703 (Build 15063.296) & Motorola Moto Z Android 7.0 Nougat with WSA Mobile Complete v184.108.40.20660 which is full Cloud now as well! I also test new Windows Insider 32bit & 64bit builds on Virtual Machines.
Microsoft® Windows Insider MVP - Windows Security