Elevation of Privilege Vulnerability in Microsoft Windows Products
CVE-2017-0079

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Win32k
Vendor: CVE Published:; 17 March 2017

🔔 Create Microsoft Vulnerability Alert

What is CVE-2017-0079?

The vulnerability allows local users to exploit the kernel-mode drivers in several Microsoft Windows operating systems. By executing a specially crafted application, an attacker can gain elevated privileges, potentially compromising system integrity and confidentiality. This flaw is distinct from various other vulnerabilities and underscores the importance of timely updates and security patches to safeguard affected systems.

Affected Version(s)

Win32k The kernel-mode drivers in Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/96632

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1038017

vdb-entryx_refsource_SECTRACK

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2017
Vulnerability Reserved
Sep 9, 2016

.