CVE-2014-0262

Name of the Vulnerable Software and Affected Versions Windows 7 SP1 Server 2008 R2 SP1

Description The issue is related to the improper use of thread-owned objects during the processing of window handles in the Windows kernel-mode driver, allowing local users to gain privileges via a crafted application. This could enable an attacker to execute arbitrary code with elevated privileges.

Recommendations For Windows 7 SP1, update to a version that includes the fix for this issue. For Server 2008 R2 SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the win32k.sys driver to minimize the risk of exploitation.