New Windows privilege escalation flaw exploited in active attacks
November 28, 2013
Attackers are exploiting a new and unpatched vulnerability in Windows XP and Windows Server 2003 that allows them to execute code with higher privileges than they have access to.

The vulnerability is located in NDProxy.sys, "a system-provided driver that interfaces WAN miniport drivers, call managers, and miniport call managers to the Telephony Application Programming Interfaces (TAPI) services."

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," Microsoft said in a security advisory published Wednesday. "An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights."

This is an elevation-of-privilege (EoP) vulnerability, not a remote code execution one, which means that attackers need to already have access to a low-privileged account on the targeted system in order to exploit it.
Link: http://www.pcworld.com/article/2067880/new-windows-privilege-escalation-flaw-exploited-in-active-attacks.html#tk.rss_all