This week it became known that attackers are exploiting the currently unpatched CVE-2013-5065 elevation of privilege (EoP) vulnerability in Microsoft Windows XP and Server 2003 in targeted attacks to escalate their privileges on the compromised system. The vulnerability is not a remote code execution (RCE) flaw; it is used only to bypass the user-mode restrictions on executing code in the kernel address space. By exploiting a bug in the NDProxy.sys driver, attackers can run their code in kernel mode.
The shellcode that exploits the vulnerable NDProxy.sys driver is delivered via a malicious PDF document and is used together with CVE-2013-3346, a vulnerability in Adobe Reader and Acrobat that allows an attacker to escape the reader's sandbox and execute arbitrary code (an Adobe Reader sandbox bypass). Adobe fixed CVE-2013-3346 back in August of this year with APSB13-15, so users running updated versions of these programs are not affected by it.
Update your OS if you are still using the extremely insecure Windows XP, and also regularly install updates for PDF readers such as Adobe Reader and Acrobat. ESET antivirus products detect the exploit as PDF/Exploit.CVE-2013-5065.A.