Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege
Report ID: MS201403003
Date Published: March 11, 2014
Compromise Type: privilege-escalation
Compromise From: local-system
Windows 8 and Windows 8.1
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003
Multiple vulnerabilities in the Windows kernel-mode driver may, if successfully exploited, lead to an attacker gaining an elevation of privileges.
Two separate vulnerabilities in the Win32k.sys Windows kernel-mode driver may be exploited to either disclose information from the kernel memory (which may be used to further compromise the system) or to gain an elevation of privileges.
To attack these vulnerabilities, the attacker must be locally logged onto the system with valid logon credentials.
Install the latest security patch for applicable systems, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms14-015)