Security firm warns of new XP flaw

Just five months before Microsoft Corp. ends support for Windows XP, a security firm has warned that a new zero day flaw in the aging operating system is being used by attackers to bypass the sandbox of unpatched versions of Adobe Reader.

The vulnerability allows a standard user running XP service pack 3 to boost user privileges to administrative level. This can enable a targeted attack on users running Adobe Reader versions 9.5.4, 10.1.6, 11.0.02 and older, the security firm FireEye said.


“The vulnerability cannot be used for remote code execution but could allow a standard user account to generate a code in the kernel,” a post in FireEye’s Web site said. “Currently the exploit appears to only work in Windows XP…the shellcode decodes a PE payload from the PDF, drops it in the temporary directory and executes it.”

People using the latest version of Adobe Reader should not be affected by the exploit.

FireEye recommended that the following steps be followed the mitigate risks:

1) Upgrade to the latest Adobe Reader

2) Upgrade to Microsoft Windows 7 or higher

 

Would you recommend this article?

0
0

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Nestor E. Arellano
Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Related Tech News