Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege


Report ID: MS201403003
Date Published: March 11, 2014

Criticality:
Compromise Type: privilege-escalation
Compromise From: local-system


Affected Product/Component:

Windows 8 and Windows 8.1
Windows 7
Windows Vista
Windows XP
Windows RT 8.1
Windows RT
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003
 




Summary

Multiple vulnerabilities in the Windows kernel-mode driver may, if successfully exploited, lead to an attacker gaining an elevation of privileges.



Detailed Description

Two separate vulnerabilities in the Win32k.sys Windows kernel-mode driver may be exploited to either disclose information from the kernel memory (which may be used to further compromise the system) or to gain an elevation of privileges.

To attack these vulnerabilities, the attacker must be locally logged onto the system with valid logon credentials.



CVE Reference

CVE-2014-0300
CVE-2014-0323



Solution

Install the latest security patch for applicable systems, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms14-015)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.