Symantec researcher Elia Florip has warned, at the company's weblog of a 0day attack in Windows XP and 2003 that allows unprivileged users to gain SYSTEM privileges via a buggy driver installed by default. The following advisory sheds light on the issue and reveals where the problem is.

http://www.securiteam.com/windowsntf...P00E2AK0E.html