Posted on 11/30/2013 10:10:25 AM PST by Utilizer
FireEye Labs has identified a new Windows local privilege escalation vulnerability in the wild. The vulnerability cannot be used for remote code execution but could allow a standard user account to execute code in the kernel. Currently, the exploit appears to only work in Windows XP.
This local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability. The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit.
Post exploitation, the shellcode decodes a PE payload from the PDF, drops it in the temporary directory, and executes it.
(Excerpt) Read more at fireeye.com ...
?
Windows XP is more than ten years old and it’s four versions old.
I run several flavours of ‘doze in quite a few machines for testing purposes. This is yet another reminder of why I never allow any machine not running Linux to connect to the Internet.
Some of us still run other versions of OS than ‘doze 8.1-latest.
You coders might wish to explore if a similar exploit exists in other releases, just in case.
And what is a Windoze?
/johnny
Every year, I find Adobe a little more annoying.
The number one thing about them I find annoying is the way you have to watch their installer like a hawk.
If you don’t read every word of every screen, you will end up installing Google Chrome and the Google Toolbar on your Windows computer.
This is true of both Flash and Acrobat, and who knows what else.
As of 2013, 1/3rd of all PCs are still running XP.
*snicker* If you had ever run a PC game in DOS and then attempted to run the same game in windows, you would already understand the “doze” reference. Worse even than accessing the internet through AOL instead of a real browser and ISP. *grin*
Flash players I leave to only the last-stable version of whatever browser I happen to be using at the moment. Gave up on .pdf files long ago. I have a quite stable pdf-reader in Linux for the occasional need, but other than that -no thanks.
I use XP.
Sounds like someone should shoot it. What it is.
I know of quite a few individuals still running ‘doze v8.0, v7, Vista, XP, ME, and 2k. At over one hundred dollars apiece for each OS as it came out, that is over seven hundred dollars saved just in software. Add in the cost of new systems capable of running the “latest” software and the cost is unacceptable for most people living on a budget, let alone a small business on a shoestring.
/johnny
Translation, please? In the wild? Kernel? Local privilege escalation vulnerability I think I get- risk of someone being able to do something on the machine that you are not permitted to do.
I grew up with #2 & 4 pencils, lined and unlined paper, fountain pens and ballpoints. Not to mention long division. Keyboards? Guys didn't do 'em- you had girl secretaries for typing. I'm barely catchin' up and more stuff keeps comin' along!
8^(
*laugh* No worries, mate. Means that if you are using the “Windows XP” operating system online there is the possibility that someone can take over your machine and endanger your personal files (modify, delete, or encrypt against your usage) or otherwise render your machine unusable.
"It sounds like he might be running a PC based CNC system that uses a PC for control. You posted a DNC box that is for uploading programs via DNC which has always been serial. Some older PC based CNC controllers used the parallel port (especially common for stepper systems). Systems that used brushless servos typically used some type of dedicated hardware to close the servo loop and is commanded via the PC. Typically those were ISA cards with a DSP on board but also parallel based units were available.
I also support the PC based CNC systems at my place of work. The system is quite advanced and uses a real time subsystem which only supports Windows 2000/XP. One of the systems is XP and the others are Windows 2000. New software costs about 4k and depending on the drives used, may require new drives at a cost of $1700 per axis."
Ask any of their engineers if they intend to produce a 'Mac' version if you need a bout of hilarity to liven up a business meeting.
In retrospect, being a cook is less frustrating. ;)
/johnny
Then I took up studying Assembly Language.
Now I am a lot more calm and content in life. Much less stressful than attempting to understand women. *grin*