Researchers have determined that a zero-day vulnerability in Windows XP and Windows Server 2003 is being actively exploited in the wild in order to bypass the sandbox in unpatched versions of Adobe Reader.
“This local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit that appears to target a patched vulnerability. The exploit targets Adobe Reader 9.5.4, 10.1.6, 11.0.02 and prior on Windows XP SP3. Those running the latest versions of Adobe Reader should not be affected by this exploit,” the researchers stated.
“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights,” Microsoft stated in an advisory. “An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.”
Microsoft further stated that they plan to mitigate the vulnerability either with a Patch Tuesday release or by way of an out-of-cycle security update, depending on the results of their investigation.
Users are encouraged to upgrade from the archaic Windows XP operating system in favor of Windows 7 or 8, and should ensure they are running the latest versions of Adobe Reader.