Zero day Microsoft security advisory
APTNinja
There is currently a 0-day advisory from Microsoft for which Microsoft has not yet provided a downloadable patch. However, they have provided a workaround to disable the vulnerability.
Important Note: The workaround is a registry setting that will disable remote VPN access on an endpoint which is using NDProxy to authenticate. So if the IEM agent on the endpoint requires a VPN connection to reach its parent relay or server, applying the workaround would make the agent unreachable from its parent relay or server.
We have published two fixlets to enable and disable the workaround.
Published site version: Patches for Windows (English), version 1881
291448601 2914486: Microsoft Security Advisory - Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege - Enable workaround - Windows XP SP3 / Windows Server 2003 SP2
291448603 2914486: Microsoft Security Advisory - Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege - Disable Workaround - Windows XP SP3 / Windows Server 2003 SP2