MS Windows Local Privilege Escalation Zero-Day in The Wild
fireeye ^ | November 27, 2013 | Xiaobo Chen and Dan Caselden

Posted on 11/30/2013 10:10:25 AM PST by Utilizer

FireEye Labs has identified a new Windows local privilege escalation vulnerability in the wild. The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP.

This local privilege escalation vulnerability is used in the wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability. The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit.

Post exploitation, the shellcode decodes a PE payload from the PDF, drops it in the temporary directory, and executes it.

(Excerpt) Read more at fireeye.com ...


TOPICS: Business/Economy; Computers/Internet; Hobbies; Reference
KEYWORDS: adobereader; exploit; malware; windows; windowsxp; xp
Article has link to MS security advisory. Comments and suggestions also on "http://tech.slashdot.org/story/13/11/29/1936245/new-windows-xp-zero-day-under-attack"
1 posted on 11/30/2013 10:10:25 AM PST by Utilizer

To: Utilizer

?

Windows XP is more than ten years old and it’s four versions old.


2 posted on 11/30/2013 10:13:32 AM PST by flintsilver7 (Honest reporting hasn't caught on in the United States.)

To: Utilizer

I run several flavours of ‘doze in quite a few machines for testing purposes. This is yet another reminder of why I never allow any machine not running Linux to connect to the Internet.


3 posted on 11/30/2013 10:13:35 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: flintsilver7

Some of us still run other versions of OS than ‘doze 8.1-latest.


4 posted on 11/30/2013 10:14:36 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: Utilizer

You coders might wish to explore if a similar exploit exists in other releases, just in case.


5 posted on 11/30/2013 10:16:11 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: ShadowAce
Ping.

And what is a Windoze?

/johnny

6 posted on 11/30/2013 10:16:30 AM PST by JRandomFreeper (Gone Galt)

To: Utilizer

Every year, I find Adobe a little more annoying.

The number one thing about them I find annoying is the way you have to watch their installer like a hawk.

If you don’t read every word of every screen, you will end up installing Google Chrome and the Google Toolbar on your Windows computer.

This is true of both Flash and Acrobat, and who knows what else.


7 posted on 11/30/2013 10:19:39 AM PST by Steely Tom (If the Constitution can be a living document, I guess a corporation can be a person.)

To: flintsilver7

As of 2013, 1/3rd of all PCs are still running XP.


8 posted on 11/30/2013 10:20:31 AM PST by Kirkwood (Zombie Hunter)

To: JRandomFreeper

*snicker* If you had ever run a PC game in DOS and then attempted to run the same game in windows, you would already understand the “doze” reference. Worse even than accessing the internet through AOL instead of a real browser and ISP. *grin*


9 posted on 11/30/2013 10:21:32 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: Steely Tom
It's not just Adobe. "Security" / Antivirus proggies are a constant headache since they seem to trash your system quite often, and the tales of MS updates rendering some poor user's computer inoperable are years-long in the histories.

Flash players I leave to only the last stable version of whatever browser I happen to be using at the moment. Gave up on .pdf files long ago. I have a quite stable pdf reader in Linux for the occasional need, but other than that, no thanks.

10 posted on 11/30/2013 10:29:58 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: flintsilver7

I use XP.


11 posted on 11/30/2013 10:33:46 AM PST by null and void (I'm betting on an Obama Trifecta: A Nobel Peace Prize, an Impeachment, AND a War Crimes Trial...)

To: Utilizer
Windows local privilege escalation vulnerability in the wild.

Sounds like someone should shoot it. What it is.

12 posted on 11/30/2013 10:34:22 AM PST by Fzob (Jesus + anything = nothing, Jesus + nothing = everything)

To: Kirkwood

I know of quite a few individuals still running ‘doze v8.0, v7, Vista, XP, ME, and 2k. At over one hundred dollars apiece for each OS as it came out, that is over seven hundred dollars saved just in software. Add in the cost of new systems capable of running the “latest” software and the cost is unacceptable for most people living on a budget, let alone a small business on a shoestring.


13 posted on 11/30/2013 10:34:47 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: Utilizer
I've been using Linux since Slackware was on 6 floppy disks. I'm not familiar with windoze past 3.1.

/johnny

14 posted on 11/30/2013 10:36:42 AM PST by JRandomFreeper (Gone Galt)

To: Utilizer
FireEye Labs has identified a new Windows local privilege escalation vulnerability in the wild. The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel.

Translation, please? In the wild? Kernel? Local privilege escalation vulnerability I think I get: risk of someone being able to do something on the machine that you are not permitted to do.

I grew up with #2 & 4 pencils, lined and unlined paper, fountain pens and ballpoints. Not to mention long division. Keyboards? Guys didn't do 'em- you had girl secretaries for typing. I'm barely catchin' up and more stuff keeps comin' along!

8^(

15 posted on 11/30/2013 10:40:38 AM PST by JimRed (Excise the cancer before it kills us; feed & water the Tree of Liberty! TERM LIMITS NOW & FOREVER!)

To: JimRed

*laugh* No worries, mate. Means that if you are using the “Windows XP” operating system online there is the possibility that someone can take over your machine and endanger your personal files (modify, delete, or encrypt against your usage) or otherwise render your machine unusable.


16 posted on 11/30/2013 10:46:32 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: JRandomFreeper; flintsilver7
Excerpt from the slashdot forums:

"It sounds like he might be running a PC based CNC system that uses a PC for control. You posted a DNC box that is for uploading programs via DNC, which has always been serial. Some older PC based CNC controllers used the parallel port (especially common for stepper systems). Systems that used brushless servos typically used some type of dedicated hardware to close the servo loop and were commanded via the PC. Typically those were ISA cards with a DSP on board, but parallel based units were also available.

I also support the PC based CNC systems at my place of work. The system is quite advanced and uses a real time subsystem which only supports Windows 2000/XP. One of the systems is XP and the others are Windows 2000. New software costs about 4k and depending on the drives used, may require new drives at a cost of $1700 per axis."

17 posted on 11/30/2013 10:51:05 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: JRandomFreeper
I run some quite advanced Engineering programs, as in the baseline package retails for five digits. They have releases for Unix and Windows-whatever-version machines. However, Linux Is Not UniX, so there are some minor compatibility issues.

Ask any of their engineers if they intend to produce a 'Mac' version if you need a bout of hilarity to liven up a business meeting.

18 posted on 11/30/2013 10:55:13 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)

To: Utilizer
Before culinary school, I was an engineer. I understand mission specific requirements.

In retrospect, being a cook is less frustrating. ;)

/johnny

19 posted on 11/30/2013 11:00:05 AM PST by JRandomFreeper (Gone Galt)

To: JRandomFreeper
I hear you, mate. I remember not so long ago I was constantly going out on dates and spending everything I had attempting to find a keep-worthy woman, and perhaps one not working solely on the furtherance of her career while attempting to remake this poor soul into something she deemed "better".

Then I took up studying Assembly Language.

Now I am a lot more calm and content in life. Much less stressful than attempting to understand women. *grin*

20 posted on 11/30/2013 11:14:12 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
