Elevation of Privilege Vulnerability in Microsoft Windows Products
CVE-2017-0079

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Win32k
Vendor
CVE Published:
17 March 2017

Summary

The vulnerability allows local users to exploit the kernel-mode drivers in several Microsoft Windows operating systems. By executing a specially crafted application, an attacker can gain elevated privileges, potentially compromising system integrity and confidentiality. This flaw is distinct from various other vulnerabilities and underscores the importance of timely updates and security patches to safeguard affected systems.

Affected Version(s)

Win32k The kernel-mode drivers in Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96632
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038017
vdb-entryx_refsource_SECTRACK

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.