The flaw is exploited through PDF documents attached to emails, the company says

Nov 30, 2013 09:48 GMT

Microsoft is still investigating a recently found zero-day flaw in Windows XP, but security company Symantec already has more information on the vulnerability.

Symantec revealed in a blog post that a successful exploitation of the flaw would allow an attacker to execute arbitrary code with kernel-level privileges and could “result in the complete compromise of affected computers.”

The security vendor has also warned that cybercriminals are trying to exploit the flaw with malicious PDF documents delivered via email that attempt to take advantage of a security hole in older versions of Adobe Reader.

“The attack arrives as a malicious PDF file with file names such as syria15.10.pdf or Note_№107-41D.pdf, likely by an email attachment, although there is a possibility that targeted users are being enticed to download the malicious file from a website prepared by the attacker,” Symantec reported.

It also turns out that attacks attempting to exploit this vulnerability were launched in November, so the flaw has been around for a while without anyone knowing about it.

Symantec says that security products updated after the zero-day flaw was revealed can block the malicious PDF documents delivered via email, but users are still advised to follow Microsoft’s guidance on blocking the vulnerability.

“Upon successful exploitation of the vulnerability, another malicious file, observed since mid-October, is dropped onto the compromised computer which Symantec detects as Trojan.Wipbot. This Trojan collects system information and connects to a command-and-control (C&C) server,” Symantec explained.

So far, the security vendor has detected emails carrying malicious PDF documents in countries such as India, Australia, the United States, Chile, Hungary, Germany, Norway, and Saudi Arabia.

Microsoft is still investigating the reports and, given that the December 2013 Patch Tuesday rollout is approaching, a patch can be expected early next month.