Privilege Escalation Vulnerability in Microsoft Windows 10 and Server 2016
CVE-2017-0080

7.8HIGH

Key Information:

Vendor

Microsoft
Status
Win32k
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0080?

The kernel-mode drivers in certain versions of Microsoft Windows 10 and Windows Server 2016 expose a vulnerability that allows local users to elevate their privileges through specially crafted applications. This could lead to unauthorized actions by gaining higher permissions than intended, which compromises system integrity. The vulnerability is distinct from various other reported issues and underscores the need for stringent security practices in managing local user rights.

Affected Version(s)

Win32k The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96633
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038017
vdb-entryx_refsource_SECTRACK

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.