0-Day Fixes

WINDOWS KERNEL VULNERABILITY COULD ALLOW ESCALATION OF PRIVILEGE

Summary

A vulnerability in the Windows kernel could, upon successful exploitation, allow an attacker to run arbitrary code in kernel mode.

Detailed Description


Microsoft has reported a vulnerability affecting Windows XP and Windows Server 2003 machines, caused by the NDProxy.sys kernel component's failure to properly validate input. Upon successful exploitation, an attacker could run arbitrary code in kernel mode. To exploit this vulnerability, however, the attacker must have valid logon credentials and be able to log on locally.

To mitigate the impact of this vulnerability, users are advised to reroute the NDProxy service to Null.sys. Complete instructions are available in Microsoft Security Advisory (2914486).

F-Secure detects the files taking advantage of this vulnerability with these detections:

  1. PDF:Exploit.CVE-2013-5065.A - starting in Aquarius database version 2013-11-28_06, which was released on 28 November 2013
  2. Gen:Trojan.Heur.FU.ku3@aSHWAmji - starting in Aquarius database version 2013-11-07_07, which was released on 7 November 2013

Please allow F-Secure products to block installation of files that take advantage of this vulnerability.

CVE Reference


  • CVE-2013-5065

Detected Exploit


Detections

  • PDF:Exploit.CVE-2013-5065.A
  • Gen:Trojan.Heur.FU.ku3@aSHWAmji

Databases

  • Aquarius database version 2013-11-28_06 at 14:46:12 UTC
  • Aquarius database version 2013-11-07_07 at 22:58:11 UTC

Release Dates

  • 28 November 2013
  • 7 November 2013

Solution


Microsoft recommends that users reroute the NDProxy service to Null.sys. Complete instructions are available in Microsoft Security Advisory (2914486).

Removal/Disinfection

Allow F-Secure Internet Security or F-Secure Anti-Virus to block installation of malicious files, and to remove or disinfect malicious files if found on the system.

Original Source


Microsoft Security Advisory (2914486)
