Exploit Targeting Windows Zero-Day Vulnerability SpottedNovember 28, 2013 – 2:21 PM
Trend Micro came across samples of an exploit targeting the recently announced zero-day vulnerability affecting Windows XP and Server 2003. This is an elevation of privilege vulnerability, which may allow a threat actor to gain certain privileges that enable him to do varied activities, including deleting or viewing data, installing programs, or creating accounts with administrative privileges.
This exploit was recently used in a targeted attack. In the incident, a malicious PDF (detected as TROJ_PIDEF.GUD) exploits an Adobe vulnerability (CVE-2013-3346), referenced in this Adobe Security Bulletin. This vulnerability is used in tandem with the Windows zero-day vulnerability (CVE-2013-5065), resulting in a backdoor being dropped into the system. The backdoor, detected as BKDR_TAVDIG.GUD, performs several routines including downloading and executing files and posting system information to its command-and-control server.
This incident also serves as a reminder to users of the importance of shifting to the newer versions of Windows. Last April, Microsoft announced that they will discontinue its support of Windows XP by April 2014. For users, this may mean that they will no longer receive security updates provided by the software vendor. Thus, those who are using Windows XP will be vulnerable to attacks using exploits targeting the OS version.