On November 27th, 2013, Microsoft published Security Advisory 2914486, which coverers a elevation of privilege vulnerability in certain versions of Windows XP and Windows Server 2003.
The flaw lies in the NDProxy component of the windows kernel. Note, exploitation requires that an attacker holds local login credentials.
This threat is currently being exploited in limited and targeted attacks. Functional exploitation and malware artifacts have been identified in the wild.
Remediation / Mitigation
Microsoft
Microsoft has provided a workaround to address this issue. Details are available at:
http://technet.microsoft.com/en-us/security/advisory/2914486
McAfee Labs
The following McAfee products / content provide coverage
McAfee Vulnerability Manager
McAfee MVM / FSL Content Release of 11/28/2013
McAfee Antivirus
Coverage is provided in the 7276 DATs, released on 12/1/2013
Name – Exploit-CVE2013-5065
Further reading:
Analyzing the Recent Windows Zero-Day Escalation of Privilege Exploit