Microsoft is investigating reports of a new Windows zero-day flaw which has the potential to allow attackers to execute code in the kernal from a standard user account.
The flaw affects Windows XP and Windows Server 2003, and security firm FireEye said it has spotted attacks in the wild.
According to FireEye, the flaw has been exploited in conjunction with an Adobe Reader flaw which was patched earlier this year. The exploits targeted Adobe Reader 9.5.4, 10.1.6, 11.0.02 and older versions on Windows XP SP3.
FireEye advised users to keep Adobe Reader up to date and to upgrade to a more recent version of Windows.
Microsoft has issued workarounds for now, and may issue a full patch depending on its findings.
"We are aware of limited, targeted attacks that attempt to exploit this vulnerability," said Microsoft.
"The vulnerability is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," the company added. "An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights."
Microsoft is set to pull the plug on extended support for Windows XP in April next year. The company has warned that the OS is considerably more vulnerable to attacks in an attempt to persuade users to upgrade. It's also said that attacks could go up after the support deadline, as hackers reverse-engineer patches issued for Windows 7 or Windows 8 to find holes in XP.