New Local 0-day for Windows XP
Last updated on: September 6, 2020
Microsoft just published security advisory 2914486 describing a new, local vulnerability in Windows XP and Windows 2003. It acknowledges a kernel vulnerability that can be used to gain administrator privileges. It is being abused in the wild in conjunction with a Adobe Reader vulnerability that had a fix published in August 2013. This post on the Fireeye blog has more technical details.
Users that have the latest version of Adobe Reader are immune to the attack, as well as users that are running on Windows Vista or later.
Stay tuned to this blog for updates on the issue.