PT-2014-1016 · Microsoft · Server 2008 R2+3

Published: 2014-01-14 · Updated: 2020-09-28 · CVE-2014-0262

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Windows 7 SP1
Server 2008 R2 SP1

Description

The issue is related to the improper use of thread-owned objects during the processing of window handles in the Windows kernel-mode driver, allowing local users to gain privileges via a crafted application. This could enable an attacker to execute arbitrary code with elevated privileges.

Recommendations

For Windows 7 SP1, update to a version that includes the fix for this issue. For Server 2008 R2 SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the win32k.sys driver to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related Identifiers

BDU:2014-00067
CVE-2014-0262

Affected Products

Server 2008 R2
Windows
Windows 7
Win32K.Sys