Did You Know?



Reply
TripleHelix
Posts: 5,399
Topics: 404
Kudos: 3,291
Ideas: 5
Registered: ‎02-03-2012

MS Windows Local Privilege Escalation Zero-Day in The Wild

[ Edited ]

Microsoft Security Advisory (2914486): Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege:
https://technet.microsoft.com/en-us/security/advisory/2914486

MS Windows Local Privilege Escalation Zero-Day in The Wild | FireEye Blog:
http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-z...

FireEye Labs has identified a new Windows local privilege escalation vulnerability in the wild. The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP.

 

This local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability. The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit.

Post exploitation, the shellcode decodes a PE payload from the PDF, drops it in the temporary directory, and executes it.

 

Mitigations

The following actions will protect users from the in-the-wild PDF exploit:
1) Upgrade to the latest Adobe Reader
2) Upgrade to Microsoft Windows 7 or higher

 

Daniel

coollogo_com-133794099.gif


asapvip.png   SigSVIP.png    Sr.Expert Advisor Jan 23 2014.png


Webroot® SecureAnywhere™ Internet Security Complete 2014 Beta Tester v8.0.4.70 on my main system Windows 7 Ultimate 64bit & on Win XP 32bit, Win Vista 32bit, Win 7 32bit, Win 8.1 Pro 32bit & 64bit all on VM's. 


MVP.gif.pngMicrosoft® MVP Consumer Security 2012/15


New to the Community? Register now and start posting!

Please use plain text.