⚠ Actively exploited
Added to CISA KEV on 2022-05-04. Federal agencies required to patch by 2022-05-25. Required action: Apply updates per vendor instructions.

CVE-2014-4113: Microsoft Windows Server 2008 vulnerability

CWE-264 | 23 documents | 14 sources
Severity: 7.8 HIGH (NVD)
EPSS: 82.4% (top 0.77%)
CISA KEV: added 2022-05-04, due 2022-05-25
Exploit: exploited in the wild; active exploitation observed
Timeline:
Published: Oct 15
KEV added: May 4
KEV due: May 25
Latest update: Feb 12
CISA Required Action: Apply updates per vendor instructions.

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (1 package)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-wjjh-xg7v-8wf9: win32k (2022-05-14)
VulnCheck: Microsoft Win32k Privilege Escalation Vulnerability (2014)

💥 Exploits & PoCs (6)

Exploit-DB: Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit) (2018-10-08)
Exploit-DB: Microsoft Windows Kernel - 'win32k.sys' Local Privilege Escalation (MS14-058) (2016-04-05)
Exploit-DB: Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Local Privilege Escalation (MS14-058) (2015-05-19)
Exploit-DB: Microsoft Windows 8.1/Server 2012 - 'Win32k.sys' Local Privilege Escalation (MS14-058) (2014-11-24)
Exploit-DB: Microsoft Windows - TrackPopupMenu Win32k Null Pointer Dereference (MS14-058) (Metasploit) (2014-10-28)

🔍 Detection Rules (1)

Suricata: ET WEB_CLIENT Possible CVE-2014-4113 Exploit Download with Hurricane Panda IOC (2014-10-15)

📋 Vendor Advisories (1)

CISA: Microsoft Win32k Privilege Escalation Vulnerability (2022-05-04)

🕵️ Threat Intelligence (11)

Dfir Report: Inside the Open Directory of the “You Dun” Threat Group (2024-10-28)
Bleepingcomputer: Privilege elevation exploits used in over 50% of insider attacks (2023-12-08)
Sentinelone: Malware Discovered - SFG: Furtim Malware Analysis (2016-07-12)
Unit42: Super Tuesday: A Patch Tuesday We Won’t Forget (2014-10-15)

📄 Research Papers (1)

arXiv: Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures (2025-02-12)