Elevation of Privilege in Microsoft Windows Products
CVE-2017-0081

7.8HIGH

Key Information:

Vendor

Microsoft
Status
Win32k
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0081?

The vulnerability allows local users to gain elevated privileges on affected Microsoft Windows products through a crafted application. This occurs in kernel-mode drivers, primarily impacting systems running Windows 8.1, various versions of Windows 10, and Windows Server 2016. The flaw makes it possible for unauthorized users to execute code at a higher privilege level, which could lead to further exploitation of the system or its data.

Affected Version(s)

Win32k The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96634
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038017
vdb-entryx_refsource_SECTRACK

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-0081 : Elevation of Privilege in Microsoft Windows Products