A new Windows kernel zero-day vulnerability is being exploited in targeted attacks against Windows XP users (http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html). Microsoft confirmed the issue and published a security advisory (https://technet.microsoft.com/en-us/security/advisory/2914486) to acknowledge the flaw after anti-malware vendor FireEye warned that the Windows bug is being used in conjunction with an Adobe Reader exploit to infect Windows machines with malware. Microsoft described the issue as an elevation of privilege vulnerability that allows an attacker to run arbitrary code in kernel mode (http://www.securityweek.com/microsoft-confirms-new-windows-xp-zero-day-under-attack). An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

http://tech.slashdot.org/story/13/11/29/1936245/new-windows-xp-zero-day-under-attack