Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Microsoft Security Advisory 2914486 - Details of Windows XP 0 day exploit in wild

More details on the Windows XP zero-day exploit circulating ... Ensuring Adobe Acrobat Reader is patched will help mitigate the danger, and all users have until April 2014 to move to later versions of Windows.

https://technet.microsoft.com/en-us/security/advisory/2914486

https://isc.sans.edu/forums/diary/Microsoft+Security+Advisory+2914486+Vulnerability+in+Microsoft+Windows+Kernel+0+day+exploit+in+wild/17117

http://blog.trendmicro.com/trendlabs-security-intelligence/exploit-targeting-windows-zero-day-vulnerability-spotted/

http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html

QUOTE (Trend Labs): We acquired this sample from a targeted attack. In this incident, a malicious PDF (detected as TROJ_PIDEF.GUD) exploits an Adobe vulnerability (CVE-2013-3346) referenced in APSB13-15, which was released in May of this year. This vulnerability is used in tandem with the Windows zero-day vulnerability (CVE-2013-5065), resulting in a backdoor being dropped into the system. The backdoor, detected as BKDR_TAVDIG.GUD, performs several routines including downloading and executing files and posting system information to its command-and-control server. This incident also serves as a reminder to users of the importance of shifting to the newer versions of Windows. Last April, Microsoft announced that they will discontinue its support of Windows XP by April 2014. For users, this may mean that they will no longer receive security updates provided by the software vendor. Those who are using Windows XP will be vulnerable to attacks using exploits targeting the OS version.