SOFTWARE HOUSE Microsoft has warned of a zero-day vulnerability in the Windows XP kernel.
The bug named CVE-2013-5065 is being exploited in the wild, Microsoft warned in a security advisory.
Security firm Trend Micro showed a bit more light on the vulnerability, saying in a blog post on Thursday that it had acquired samples of the exploit and found that it took advantage of an "elevation of privilege vulnerability". This allows an attacker to gain privileges that enable them to delete or view data, install programs, or create accounts with administrative privileges.
"This vulnerability is used in tandem with the Windows zero-day vulnerability (CVE-2013-5065), resulting in a backdoor being dropped into the system," Trend Micro's technical communications lead Gelo Abendan wrote in the blog post. "The backdoor, detected as BKDR_TAVDIG.GUD, performs several routines including downloading and executing files and posting system information to its command and control server."
Microsoft said that only Windows XP and Windows Server 2003 users are affected by the vulnerability.
"Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003," the firm advised.
Microsoft warned in April that there were only 365 days left of extended support for its Windows XP operating system. The firm said that less than a quarter of UK companies had completed migrating their PCs to Windows 7, with 40 percent still "in the process of upgrading". µ