Windows kernel vulnerability could allow escalation of privilege
Report ID: MAPP-CVE20135065
Date Published: 29 November 2013
Compromise Type: privilege-escalation
Compromise From: local-system
Windows Server 2003
A vulnerability in the Windows kernel could, upon successful exploitation, allow an attacker to run arbitrary code in kernel mode.
Microsoft has reported a vulnerability affecting Windows XP and Windows Server 2003 machines, caused by the NDProxy.sys kernel component failing to properly validate input. Upon successful exploitation, an attacker could run arbitrary code in kernel mode. To exploit this vulnerability, however, the attacker must have valid logon credentials and be able to log on locally.
To mitigate the impact of this vulnerability, users are advised to reroute the NDProxy service to Null.sys. Complete instructions are available in Microsoft Security Advisory (2914486).
F-Secure detects files that take advantage of this vulnerability with the following detections:
- PDF:Exploit.CVE-2013-5065.A - starting in Aquarius database version 2013-11-28_06, released on 28 November 2013 at 14:46:12 UTC
- Gen:Trojan.Heur.FU.ku3@aSHWAmji - starting in Aquarius database version 2013-11-07_07, released on 7 November 2013 at 22:58:11 UTC
Allow F-Secure products to block installation of files that take advantage of this vulnerability.
Microsoft recommends that users reroute the NDProxy service to Null.sys. Complete instructions are available in Microsoft Security Advisory (2914486).
Allow F-Secure Internet Security or F-Secure Anti-Virus to block installation of malicious files, and to remove or disinfect malicious files if found on the system.
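The following script is an added example, not part of this advisory or of Microsoft's instructions: it checks whether the Null.sys workaround described above is configured on a host by reading the NDProxy service's ImagePath from the registry. It assumes the standard service key HKLM\SYSTEM\CurrentControlSet\Services\ndproxy and that the workaround points ImagePath at null.sys, and that PowerShell is installed on the XP or Server 2003 machine being checked.

```powershell
# Added example (not from the F-Secure page or Microsoft Security Advisory 2914486):
# report whether the CVE-2013-5065 workaround, rerouting the NDProxy service to
# Null.sys, is configured on this host. Run from an elevated prompt.
# Assumption: the service lives under the standard key below and the workaround
# sets its ImagePath to null.sys; a path still naming ndproxy.sys means unmitigated.
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\ndproxy'

function Test-NdProxyWorkaround {
    param([string]$Key = $serviceKey)

    if (-not (Test-Path $Key)) {
        # No service key at all: nothing to reroute, report as not present.
        return New-Object PSObject -Property @{ Present = $false; ImagePath = $null; Mitigated = $false }
    }

    $props     = Get-ItemProperty -Path $Key -Name ImagePath -ErrorAction SilentlyContinue
    $imagePath = if ($props) { $props.ImagePath } else { $null }

    # Mitigated only when the driver image the service loads is null.sys.
    $mitigated = ($imagePath -ne $null) -and ($imagePath -match '(?i)null\.sys$')

    # New-Object PSObject keeps this usable on PowerShell 2.0 (the version available for XP/2003).
    New-Object PSObject -Property @{
        Present   = $true
        ImagePath = $imagePath
        Mitigated = $mitigated
    }
}

$result = Test-NdProxyWorkaround
if ($result.Mitigated) {
    Write-Output "NDProxy is rerouted to Null.sys (ImagePath = $($result.ImagePath)); workaround is configured."
} elseif ($result.Present) {
    Write-Warning "NDProxy still loads '$($result.ImagePath)'; the advisory 2914486 workaround is not applied."
} else {
    Write-Output "No ndproxy service key found on this host."
}
```

This inspects configuration only: a changed ImagePath takes effect when the driver is next loaded, so a host that has not been restarted since the change may still be running the original NDProxy.sys. The workaround disables the NDProxy driver, so services that depend on it (dial-up, RAS and VPN, as noted in Microsoft's advisory) stop working while it is in place.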