Nothing beats the feel of security news early in the morning! Redmond has just confirmed that it is investigating a critical security flaw that is affecting users of its older platforms.
The company says it is aware of limited targeted attacks that exploit this vulnerability.
Speaking of which, the flaw was first reported by FireEye Labs, and it actually affects the Windows kernel. Again, it has something to do with that allows elevation of privilege — in other words, an attacker who exploits this vulnerability gets the ability to run arbitrary code on affected machines.
But the security advisory issued today makes it clear that newer operating systems are not affected by this flaw. Only Windows XP and Windows Server 2003 are under threat:
“Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003.
The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.”
FireEye Labs has also weighed in on this flaw, saying that Adobe Reader is also affected by this problem. Needless to say users are recommended to update to the latest version of the program to stay safe.
Plus, the security firm is collaborating with the Microsoft Security team to fix up a fix.