Microsoft has stopped providing support for Windows XP and Windows Server 2003. If you are still using these operating systems, you need to know about the Epic Turla operation.
The Epic Turla Operation
Epic Turla is a massive cyber-espionage operation reported by Kaspersky. It has infected several hundred computers in more than 45 countries, including government institutions, embassies, military, education, research and pharmaceutical companies.
The attacks in this campaign fall into several different categories depending on the vector used in the initial compromise. The vulnerabilities exploited include:
• CVE-2013-5065 – Privilege escalation vulnerability in Windows XP and Windows 2003
• CVE-2013-3346 – Arbitrary code-execution vulnerability in Adobe Reader
• CVE-2012-1723 – Arbitrary code-execution vulnerability in Java
• CVE-2013-5065 Detail
An elevation of privilege vulnerability exists in the NDProxy component of the Windows kernel due to improper validation of input passed from user mode to the kernel. The vulnerability could allow an attacker to run code in kernel mode. An attacker who successfully exploited this vulnerability could run a specially crafted application and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full administrator rights.
Affected Software
| Operating System | Maximum Security Impact | Aggregate Severity Rating | Updates Replaced |
| --- | --- | --- | --- |
| Windows XP | | | |
| Windows XP Service Pack 3 (2914368) | Elevation of Privilege | Important | 2440591 in MS10-099 |
| Windows XP Professional x64 Edition Service Pack 2 (2914368) | Elevation of Privilege | Important | 2440591 in MS10-099 |
| Windows Server 2003 | | | |
| Windows Server 2003 Service Pack 2 (2914368) | Elevation of Privilege | Important | 2440591 in MS10-099 |
| Windows Server 2003 x64 Edition Service Pack 2 (2914368) | Elevation of Privilege | Important | 2440591 in MS10-099 |
| Windows Server 2003 with SP2 for Itanium-based Systems (2914368) | Elevation of Privilege | Important | 2440591 in MS10-099 |
Microsoft Security Advisory
If you are still running Windows XP or Windows Server 2003 in your infrastructure, you need to take steps now to plan and execute an upgrade strategy to protect it.
• CVE-2013-3346 Details
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Affected software versions
• Adobe Reader XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
• Adobe Reader X (10.1.6) and earlier 10.x versions for Windows and Macintosh
• Adobe Reader 9.5.4 and earlier 9.x versions for Windows, Macintosh and Linux
• Adobe Acrobat XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
• Adobe Acrobat X (10.1.6) and earlier 10.x versions for Windows and Macintosh
• Adobe Acrobat 9.5.4 and earlier 9.x versions for Windows and Macintosh
Adobe Security Advisory
• Users of Adobe Reader XI (11.0.02) for Windows and Macintosh should update to Adobe Reader XI (11.0.03).
• For users of Adobe Reader X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader X (10.1.7).
• For users of Adobe Reader 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader 9.5.5.
• Users of Adobe Reader 9.5.4 and earlier versions for Linux should update to Adobe Reader 9.5.5.
• Users of Adobe Acrobat XI (11.0.02) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.03).
• For users of Adobe Acrobat X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat X (10.1.7).
• For users of Adobe Acrobat 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat 9.5.5.
• CVE-2012-1723 Detail
This threat uses a software vulnerability to download and run other files on your PC, including malware. It runs when you visit a hacked website and you have a vulnerable version of Java. A number of legitimate websites could be hacked to unwillingly host this threat.
Affected software versions
• JDK and JRE 7 Update 4 and earlier Java SE
• JDK and JRE 6 Update 32 and earlier Java SE
• JDK and JRE 5.0 Update 35 and earlier Java SE
• SDK and JRE 1.4.2_37 and earlier Java SE
Java Security Advisory
• Install all available Java updates.
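The affected-version lists above can be turned into an inventory check. The following is an added example, not part of the original post or of any vendor advisory: it flags which of the three CVEs a host record is exposed to, using the version thresholds quoted on this page. The record layout, the `KB`-prefixed hotfix naming and the legacy `1.x.y_uu` Java version format are assumptions.

```python
import re

# Fixed builds per branch, from the Adobe advisory text quoted above.
ADOBE_FIXED = {9: (9, 5, 5), 10: (10, 1, 7), 11: (11, 0, 3)}
# Last affected (patch, update) per Java family: 7u4, 6u32, 5.0u35, 1.4.2_37.
JAVA_LAST_AFFECTED = {(1, 7): (0, 4), (1, 6): (0, 32), (1, 5): (0, 35), (1, 4): (2, 37)}
LEGACY_OS = ("Windows XP", "Windows Server 2003")
NDPROXY_UPDATE = "KB2914368"  # number from the table; "KB" prefix is an assumption


def adobe_vulnerable(version):
    """True if a Reader/Acrobat 9.x-11.x version is below its branch's fixed build."""
    parts = tuple(int(p) for p in version.split("."))  # "11.0.02" -> (11, 0, 2)
    fixed = ADOBE_FIXED.get(parts[0])
    return fixed is not None and parts < fixed


def java_vulnerable(version):
    """True if a legacy '1.x.y_uu' version is at or below the last affected update."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?", version)
    if not m:
        return False  # unrecognised format: not matched here, review by hand
    major, minor, patch, update = (int(g or 0) for g in m.groups())
    last = JAVA_LAST_AFFECTED.get((major, minor))
    return last is not None and (patch, update) <= last


def triage(host):
    """Return the CVE ids from this page that one inventory record is exposed to."""
    findings = []
    if host["os"].startswith(LEGACY_OS) and NDPROXY_UPDATE not in host["hotfixes"]:
        findings.append("CVE-2013-5065")
    if any(adobe_vulnerable(v) for v in host["adobe"]):
        findings.append("CVE-2013-3346")
    if any(java_vulnerable(v) for v in host["java"]):
        findings.append("CVE-2012-1723")
    return findings


INVENTORY = [  # constructed sample records, not real hosts
    {"name": "ws-01", "os": "Windows XP Service Pack 3", "hotfixes": ["KB2440591"],
     "adobe": ["11.0.02"], "java": ["1.6.0_32"]},
    {"name": "ws-02", "os": "Windows XP Service Pack 3", "hotfixes": ["KB2914368"],
     "adobe": ["11.0.03"], "java": ["1.7.0_05"]},
    {"name": "srv-01", "os": "Windows Server 2003 Service Pack 2", "hotfixes": [],
     "adobe": [], "java": ["1.5.0_36"]},
]

if __name__ == "__main__":
    for h in INVENTORY:
        print(h["name"], triage(h) or "none of the three")
```

Adobe branches older than 9.x and Java version strings in other formats are outside the lists on this page and are not flagged by this check.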