Soon after Microsoft announced its plans for next week's security update, the software giant disclosed that it was investigating public reports of a Windows privilege-elevation exploit.
The zero-day vulnerability, originally reported< in April, impacts Windows XP Professional Service Packs 2 and 3 and could allow users to escalate their privileges to "LocalSystem," according to an updated security advisory released Thursday. These accounts have unrestricted access to local resources.
A Microsoft representative, however, said there are no reports of in-the-wild attacks.
"At this time, we are not aware of attacks attempting to use this vulnerability," Bill Sisk, security response communications manager, wrote on a company blog. "We will continue to monitor the situation."
Users can safeguard themselves against the bug by applying the workarounds listed in the advisory, Sisk said.
A number of next week's scheduled patches will fix issues in Windows, but it is unclear if this particular vulnerability will be addressed.
See original article on scmagazineus.com
