⚠ Actively exploited
Added to CISA KEV on 2022-05-25. Federal agencies required to patch by 2022-06-15. Required action: Apply updates per vendor instructions..

CVE-2014-4148Code Injection in Microsoft Windows Server 2008

CWE-94Code Injection14 documents9 sources
Severity
8.8HIGHNVD
OSV7.5
EPSS
59.7%
top 1.73%
CISA KEV
KEV
Added 2022-05-25
Due 2022-06-15
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
QemuMicrosoft Windows Server 2008Microsoft Windows Server 2012
Timeline
PublishedOct 15
KEV addedMay 25
KEV dueJun 15
Latest updateFeb 12
CISA Required Action: Apply updates per vendor instructions.

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.3

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-4wxx-xmrx-3xq9: win32k2022-05-14
OSV
qemu, qemu-kvm vulnerabilities2014-09-08
VulnCheck
Microsoft Windows Remote Code Execution Vulnerability2014

📋Vendor Advisories

1
CISA
Microsoft Windows Remote Code Execution Vulnerability2022-05-25

🕵️Threat Intelligence

8
Securelist
IT threat evolution Q2 20172017-08-15
Securelist
IT threat evolution Q2 20172017-08-15
Securelist
Unraveling the Lamberts Toolkit2017-04-11
Securelist
Unraveling the Lamberts Toolkit2017-04-11
Unit42
Super Tuesday: A Patch Tuesday We Won’t Forget2014-10-15

📄Research Papers

1
arXiv
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures2025-02-12