Original release date: November 28, 2013
Microsoft has released Security Advisory 2914486 to address a vulnerability in a kernel component of Windows XP and Windows Server 2003. This vulnerability could allow an attacker to obtain elevation of privilege and then execute arbitrary code. Microsoft is aware of limited, targeted attacks that attempt to exploit this vulnerability in the wild.
US-CERT encourages users and administrators to review Microsoft Security Advisory 2914486. Please note that the advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate risk against known attack vectors.
US-CERT will provide additional information as it becomes available.