CVE-2014-4113
critical-risk
Published 2014-10-15
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
Do I need to act?
!
82.4% chance of exploitation in next 30 days
EPSS score — higher than 18% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (11)
Affected Vendors
References (23)
Broken Link
http://osvdb.org/show/osvdb/113167
Broken Link
http://secunia.com/advisories/60970
Broken Link
http://www.securityfocus.com/bid/70364
Third Party Advisory
https://github.com/sam-b/CVE-2014-4113
Third Party Advisory
https://www.exploit-db.com/exploits/39666/
Broken Link
http://osvdb.org/show/osvdb/113167
Broken Link
http://secunia.com/advisories/60970
Broken Link
http://www.securityfocus.com/bid/70364
Third Party Advisory
https://github.com/sam-b/CVE-2014-4113
and 3 more references
74
/ 100
critical-risk
Severity
24/34 · High
Exploitability
34/34 · Critical
Exposure
16/34 · Moderate