CVE-2014-0323 — Sensitive Information Exposure in Microsoft Windows Server 2008

CWE-200 — Sensitive Information Exposure4 documents3 sources

Severity

6.6MEDIUMNVD

EPSS

0.9%

top 24.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 Microsoft Windows Server 2012

Timeline

PublishedMar 12

Latest updateMay 14

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:N/A:CExploitability: 3.9 | Impact: 9.2

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-xwwj-g743-674c: win32k↗2022-05-14

▶

🕵️Threat Intelligence

Talos

Micorosft Update Tuesday: March 2014, all about IE (including two 0-day fixes)↗2014-03-11

▶

Talos

Micorosft Update Tuesday: March 2014, all about IE (including two 0-day fixes)↗2014-03-11

▶