Microsoft has issued a warning about new zero-day vulnerability affecting the Windows XP and 2003 Server operating systems.
The bug referred with CVE id "CVE-2013-5065" is a local privilege escalation vulnerability, is reportedly being exploited in the wild.
A successful exploitation allows attackers to run the arbitrary code in Kernel mode(User mode --> kernel mode). It will get access to install software, modify data or creating accounts with admin privilege.
However, the vulnerability is not exploitable by a remote attacker.
"It does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003." Microsoft security advisory reads.
Though the Microsoft is issued a workarounds for this vulnerability, it is better to switch to the latest version of Windows (7 or 8), as we aware that Microsoft is going to stop supporting Windows xp by April 2014.