Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 10 MINUTES AGO.
You are here: Home / Microsoft/Windows / Win XP, Server 2003 Zero-Days Found
Win XP, Server 2003 Zero-Day Exploits Use Adobe Reader
Win XP, Server 2003 Zero-Day Exploits Use Adobe Reader
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
DECEMBER
02
2013

Another month, another zero-day vulnerability. Relevant Products/Services is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003, accessed using older versions of Adobe Reader.

Redmond said it is aware of limited, targeted attacks that attempt to exploit the flaw. The good news: The company's investigation of the vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003.

"The vulnerability is an elevation-of-privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," Microsoft explained in an alert. "An attacker could then install programs; view, change, or delete Relevant Products/Services; or create new accounts with full administrative rights."

Mitigating Factors

There is one mitigating factor that could work in an enterprise's advantage. An attacker needs to have valid log-on credentials and be able to sign in locally to exploit the vulnerability. In other words, the vulnerability could not be exploited remotely or by anonymous users.

There's also a workaround: For environments with non-default, limited user privileges, Microsoft said disabling NDProxy.sys will cause certain services that rely on Windows Telephony Application Programming Interfaces to not function. Services that will no longer work include Remote Access Service, dial-up networking, and virtual private networking.

Redmond is working with partners in its Microsoft Active Protections Program to provide information that they can use to deliver broader protections to customers. Microsoft promised to take the appropriate action to protect customers when the investigation is complete and did not rule out an out-of-cycle patch.

Adobe Reader Connection

We turned to Wolfgang Kandek, CTO at Qualys, for his take on the vulnerability. He told us the exploit is being abused in the wild in conjunction with the Adobe Reader vulnerability that had a fix published in August 2013: "Users that have the latest version of Adobe Reader are immune to the Relevant Products/Services, as well as users that are running on Windows Vista or later."

FireEye was the first to uncover the vulnerability. The Relevant Products/Services research firm said the exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and earlier versions on Windows XP SP3.

"Those running the latest versions of Adobe Reader should not be affected by this exploit," security researchers Xiaobo Chen and Dan Caselden of FireEye wrote in a blog post. "Post exploitation, the shellcode decodes a PE payload from the PDF, drops it in the temporary directory, and executes it."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN MICROSOFT/WINDOWS
NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2016 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.