Microsoft investigating MS Windows local privilege escalation zero-day

Summary: Microsoft issued a security alert and is investigating a report issued by FireEye Labs warning of an MS Windows/Adobe Reader local privilege escalation zero-day in the wild.


In a new security alert Microsoft announced it is investigating a report issued earlier today by FireEye Labs warning of an MS Windows local privilege escalation zero-day in the wild.

The Windows local privilege escalation vulnerability FireEye Labs says it has identified, "cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP."

If you're running the latest versions of Adobe Reader, FireEye says that you shouldn't be affected by the exploit.

In MS Windows Local Privilege Escalation Zero-Day in The Wild, FireEye's  and  detail the issue:

This local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability.

The exploit targets Adobe Reader 9, 10, and 11 prior to patches 11.0.02, 10.1.6, and 9.5.4 on Windows XP SP3.

In today's Security Advisory, Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege, Microsoft states,

Microsoft is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability.

Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003.

The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

FireEye Labs and Microsoft are working in concert on the issue, and Microsoft has assigned it CVE-2013-5065.

The mitigating factors, Microsoft said:

An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

The vulnerability could not be exploited remotely or by anonymous users.

FireEye Labs takes a slightly different approach to warning the public and offers this mitigation advice for protection:

The following actions will protect users from the in-the-wild PDF exploit:

1) Upgrade to the latest Adobe Reader
2) Upgrade to Microsoft Windows 7 or higher
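As an added example (not code from the article, FireEye or Microsoft), the following script checks an inventory of hosts against the exposure conditions the two advisories state: the kernel bug applies to Windows XP and Server 2003, and the in-the-wild PDF chain additionally needs Adobe Reader older than 9.5.4, 10.1.6 or 11.0.02. The inventory records and host names are constructed.

```python
from typing import List, NamedTuple, Optional, Tuple

# First patched Adobe Reader build per branch, as listed by FireEye.
PATCHED_READER = {9: (9, 5, 4), 10: (10, 1, 6), 11: (11, 0, 2)}
# Platforms Microsoft names as affected by the kernel EoP (CVE-2013-5065).
AFFECTED_OS = {"windows xp", "windows server 2003"}

KERNEL_FINDING = "CVE-2013-5065 kernel EoP: upgrade to Windows 7 or later"
READER_FINDING = "outdated Adobe Reader: upgrade to the latest Reader"
CHAIN_FINDING = "exposed to the in-the-wild PDF exploit chain (both conditions met)"

class Host(NamedTuple):
    name: str
    os: str
    reader: Optional[str]  # Adobe Reader version string, None if not installed

def parse_version(s: str) -> Tuple[int, ...]:
    """Turn '11.0.02' into (11, 0, 2); ignore a trailing suffix such as ' (x86)'."""
    return tuple(int(tok) for tok in s.strip().split(" ")[0].split("."))

def reader_is_patched(version: str) -> bool:
    """True when the Reader build is at or above the patched build for its branch."""
    v = parse_version(version)
    if v[0] not in PATCHED_READER:
        return True  # branches the advisory does not list are treated as patched
    return v >= PATCHED_READER[v[0]]

def assess(host: Host) -> List[str]:
    """Return the findings that apply to one host, in a fixed order."""
    old_os = host.os.strip().lower() in AFFECTED_OS
    old_reader = host.reader is not None and not reader_is_patched(host.reader)
    findings = []
    if old_os:
        findings.append(KERNEL_FINDING)
    if old_reader:
        findings.append(READER_FINDING)
    if old_os and old_reader:
        findings.append(CHAIN_FINDING)
    return findings

# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    Host("ws-01", "Windows XP", "10.1.5"),
    Host("ws-02", "Windows XP", "11.0.02"),
    Host("srv-03", "Windows Server 2003", None),
    Host("ws-04", "Windows 7", "9.5.3"),
]

def exposed_hosts(hosts: List[Host] = INVENTORY) -> dict:
    """Map each host with at least one finding to its list of findings."""
    return {h.name: assess(h) for h in hosts if assess(h)}

if __name__ == "__main__":
    for name, findings in exposed_hosts().items():
        print(name, "->", "; ".join(findings))
```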

In August Microsoft announced that support for Windows XP will be ending in April 2014, prompting some to refer to Windows XP as "zero day forever."

  • Only XP?

    The exploit has been confirmed only on XP. But has it been verified not to work on Vista and later?
  • make use of Low Fragmentation Heap (LFH)

    I believe that the so-called zero-day vulnerability may be replaced by the keyword "non-stop" in future.
    Hackers can make use of the Low Fragmentation Heap (LFH) to replace the freed memory with their own data.
    It looks like Intel can do this magic (not allowing reuse in an easy way), however it may affect some OS functions like VM. On the other hand, this is a business opportunity, right?
    Picco Chan
  • Why oh why

    Do people use Adobe for PDFs? It's bloated and leaks like a colander. Get a decent reader such as Sumatra.
    Alan Smithie
    • exactly

      Adobe Reader is the worst PDF reader I have ever used; this thing doesn't even have a basic feature like bookmarks.
  • So

    It's Thursday again?
  • An excellent solution for XP Users who are stuck on XP

    I am an IT Consultant in North America and I have run into many Clients who simply cannot afford to upgrade their hardware and/or software to Windows 7 or 8. The main reasons are the amount of money and time it takes to accomplish this. A typical example is that their existing vertical business application software needs to be rewritten for either Windows 7 or 8. Further, since their hardware is still working they simply refuse to migrate from XP, but they are afraid of getting viruses and malware. Essentially many Microsoft Users are stuck between a rock and a hard place.

    So I found an excellent user-friendly Linux OS that cocoons all versions of Windows, i.e. XP and/or 7, inside a very innovative virtual machine, so that the user's data files are saved to a Linux partition while the Windows OS and software is initially backed up and stored in just one .vdi file safely inside the Linux partition, which contains their original Windows installation with all its programs too. So if they get hit with a morphing virus it takes them only one click to restore their original copy of Windows XP or 7, and of course, since their data is always safe inside the Linux partition and fully read/writable from the Windows OS with bookmarked folders, there is no downtime: it only takes seconds to click on their Robolinux menu option that restores their original perfect Windows virtual machine back to the way it was before the virus struck them.

    The result is my Clients are saving a lot of money and they are completely immune to all Windows malware and now they have as much time as they need to rewrite their software for either Linux or Windows 7. None of my Clients will even consider Windows 8 as a solution.

    Check it out: Google Robolinux.