7.2 - MS14-045

Executive Summary

Summary
Title	Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)

Informations
Name	MS14-045	First vendor Publication	2014-08-12
Vendor	Microsoft	Last vendor Modification	2014-08-27
Severity (Vendor)	Important	Revision	3.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Important
Revision Note: V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update for all supported releases of Microsoft Windows. See the Update FAQ for details.
Summary: This security update resolves three privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS14-045

CWE : Common Weakness Enumeration

%	Id	Name
67 %	CWE-264	Permissions, Privileges, and Access Controls
33 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26136

Oval ID:	oval:org.mitre.oval:def:26136
Title:	Windows kernel pool allocation vulnerability - CVE-2014-4064 (MS14-045)
Description:	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly handle use of the paged kernel pool for allocation of uninitialized memory, which allows local users to obtain sensitive information about kernel addresses via a crafted application, aka "Windows Kernel Pool Allocation Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-4064	Version:	3
Platform(s):	Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1	Product(s):
Definition Synopsis:
Vista / 2k8 + vulnerable file version Vista / 2K8 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Check for vulnerable version Check if the version of win32k.sys is less than 6.0.6002.19150 OR Check for LDR Check if the version of Win32k.sys is greater than or equal to 6.0.6002.23000 AND Check if the version of win32k.sys is less than 6.0.6002.23454 AND Check if the version of Dxgkrnl.sys is less than 7.0.6002.19126 OR dxgkrnl.sys LDR Check if the version of dxgkrnl.sys is greater than or equal to 7.0.6002.23000 AND Check if the version of dxgkrnl.sys is less than 7.0.6002.23427 OR Win 7 / R2 + vulnerable file version Win 7 / R2 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for vulnerable version Check if the version of win32k.sys is less than 6.1.7601.18539 OR Check for LDR Check if the version of Win32k.sys is greater than or equal to 6.1.7601.22000 AND Check if the version of win32k.sys is less than 6.1.7601.22750 AND Check if the version of dxgkrnl.sys is less than 6.1.7601.18510 OR dxgkrnl.sys LDR Check if the version dxgkrnl.sys is greater than or equal to 6.1.7601.22000 AND Check if the version of dxgkrnl.sys is less than 6.1.7601.22720 OR Win 8/2k12 and vulnerable file version Win 8 / 2k12 Microsoft Windows 8 (x86) is installed AND Microsoft Windows 8 (x64) is installed AND Microsoft Windows Server 2012 (64-bit) is installed AND Check for vulnerable version Check if the version of win32k.sys is less than 6.2.9200.17059 OR Check for LDR Check if the version of Win32k.sys is greater than or equal to 6.2.9200.21000 AND Check if the version of win32k.sys is less than 6.2.9200.21178 AND Check if the version of dxgkrnl.sys is less than 6.2.9200.17031 OR dxgkrnl.sys LDR Check if the version of dxgkrnl.sys is less than 6.2.9200.21148 AND Check if the version of dxgkrnl.sys is greater than or equal to 6.2.9200.21000 OR Win 8.1 / 2K12 R2and vulnerable file version Win 8.1 / 2k12 R2 Microsoft Windows 8.1 (x86) is installed AND Microsoft Windows 8.1 (x64) is installed AND Microsoft Windows Server 2012 R2 is installed AND Either vulnerable file Check if the version of win32k.sys is less than 6.3.9600.17250 AND Check if the version of dxgkrnl.sys is less than 6.3.9600.17210

Definition Id: oval:org.mitre.oval:def:26322

Oval ID:	oval:org.mitre.oval:def:26322
Title:	Font Double-Fetch vulnerability - CVE-2014-1819 (MS14-045)
Description:	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to objects associated with font files, which allows local users to gain privileges via a crafted file, aka "Font Double-Fetch Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-1819	Version:	3
Platform(s):	Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1	Product(s):
Definition Synopsis:
2K3(all) and vulnerable file version Either OS Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 for Itanium is installed AND Check if the version of win32k.sys is less than 5.2.3790.5398 OR Vista / 2k8 + vulnerable file version Vista / 2K8 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Check for vulnerable version Check if the version of win32k.sys is less than 6.0.6002.19150 OR Check for LDR Check if the version of Win32k.sys is greater than or equal to 6.0.6002.23000 AND Check if the version of win32k.sys is less than 6.0.6002.23454 AND Check if the version of Dxgkrnl.sys is less than 7.0.6002.19126 OR dxgkrnl.sys LDR Check if the version of dxgkrnl.sys is greater than or equal to 7.0.6002.23000 AND Check if the version of dxgkrnl.sys is less than 7.0.6002.23427 OR Win 7 / R2 + vulnerable file version Win 7 / R2 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for vulnerable version Check if the version of win32k.sys is less than 6.1.7601.18539 OR Check for LDR Check if the version of Win32k.sys is greater than or equal to 6.1.7601.22000 AND Check if the version of win32k.sys is less than 6.1.7601.22750 AND Check if the version of dxgkrnl.sys is less than 6.1.7601.18510 OR dxgkrnl.sys LDR Check if the version dxgkrnl.sys is greater than or equal to 6.1.7601.22000 AND Check if the version of dxgkrnl.sys is less than 6.1.7601.22720 OR Win 8/2k12 and vulnerable file version Win 8 / 2k12 Microsoft Windows 8 (x86) is installed AND Microsoft Windows 8 (x64) is installed AND Microsoft Windows Server 2012 (64-bit) is installed AND Check for vulnerable version Check if the version of win32k.sys is less than 6.2.9200.17059 OR Check for LDR Check if the version of Win32k.sys is greater than or equal to 6.2.9200.21000 AND Check if the version of win32k.sys is less than 6.2.9200.21178 AND Check if the version of dxgkrnl.sys is less than 6.2.9200.17031 OR dxgkrnl.sys LDR Check if the version of dxgkrnl.sys is less than 6.2.9200.21148 AND Check if the version of dxgkrnl.sys is greater than or equal to 6.2.9200.21000 OR Win 8.1 / 2K12 R2and vulnerable file version Win 8.1 / 2k12 R2 Microsoft Windows 8.1 (x86) is installed AND Microsoft Windows 8.1 (x64) is installed AND Microsoft Windows Server 2012 R2 is installed AND Either vulnerable file Check if the version of win32k.sys is less than 6.3.9600.17250 AND Check if the version of dxgkrnl.sys is less than 6.3.9600.17210

Definition Id: oval:org.mitre.oval:def:26442

Oval ID:	oval:org.mitre.oval:def:26442
Title:	Win32k Elevation of Privilege vulnerability - CVE-2014-0318 (MS14-045)
Description:	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0318	Version:	3
Platform(s):	Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1	Product(s):
Definition Synopsis:
2K3(all) and vulnerable file version Either OS Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 for Itanium is installed AND Check if the version of win32k.sys is less than 5.2.3790.5398 OR Vista / 2k8 + vulnerable file version Vista / 2K8 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Check for vulnerable version Check if the version of win32k.sys is less than 6.0.6002.19150 OR Check for LDR Check if the version of Win32k.sys is greater than or equal to 6.0.6002.23000 AND Check if the version of win32k.sys is less than 6.0.6002.23454 AND Check if the version of Dxgkrnl.sys is less than 7.0.6002.19126 OR dxgkrnl.sys LDR Check if the version of dxgkrnl.sys is greater than or equal to 7.0.6002.23000 AND Check if the version of dxgkrnl.sys is less than 7.0.6002.23427 OR Win 7 / R2 + vulnerable file version Win 7 / R2 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for vulnerable version Check if the version of win32k.sys is less than 6.1.7601.18539 OR Check for LDR Check if the version of Win32k.sys is greater than or equal to 6.1.7601.22000 AND Check if the version of win32k.sys is less than 6.1.7601.22750 AND Check if the version of dxgkrnl.sys is less than 6.1.7601.18510 OR dxgkrnl.sys LDR Check if the version dxgkrnl.sys is greater than or equal to 6.1.7601.22000 AND Check if the version of dxgkrnl.sys is less than 6.1.7601.22720 OR Win 8/2k12 and vulnerable file version Win 8 / 2k12 Microsoft Windows 8 (x86) is installed AND Microsoft Windows 8 (x64) is installed AND Microsoft Windows Server 2012 (64-bit) is installed AND Check for vulnerable version Check if the version of win32k.sys is less than 6.2.9200.17059 OR Check for LDR Check if the version of Win32k.sys is greater than or equal to 6.2.9200.21000 AND Check if the version of win32k.sys is less than 6.2.9200.21178 AND Check if the version of dxgkrnl.sys is less than 6.2.9200.17031 OR dxgkrnl.sys LDR Check if the version of dxgkrnl.sys is less than 6.2.9200.21148 AND Check if the version of dxgkrnl.sys is greater than or equal to 6.2.9200.21000 OR Win 8.1 / 2K12 R2and vulnerable file version Win 8.1 / 2k12 R2 Microsoft Windows 8.1 (x86) is installed AND Microsoft Windows 8.1 (x64) is installed AND Microsoft Windows Server 2012 R2 is installed AND Either vulnerable file Check if the version of win32k.sys is less than 6.3.9600.17250 AND Check if the version of dxgkrnl.sys is less than 6.3.9600.17210

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows 7 cpe:2.3:o:microsoft:windows_7:-:sp1::::::	1
Os	Microsoft Windows 8 cpe:2.3:o:microsoft:windows_8:-:::::::*	1
Os	Microsoft Windows 8.1 cpe:2.3:o:microsoft:windows_8.1:-:::::::*	1
Os	Microsoft Windows Rt cpe:2.3:o:microsoft:windows_rt:-:::::::*	1
Os	Microsoft Windows Rt 8.1 cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*	1
Os	Microsoft Windows Server 2003 cpe:2.3:o:microsoft:windows_server_2003:-:sp2::::::	1
Os	Microsoft Windows Server 2008 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:* cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::itanium:* cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::	3
Os	Microsoft Windows Server 2012 cpe:2.3:o:microsoft:windows_server_2012:r2:::::::* cpe:2.3:o:microsoft:windows_server_2012:-:::::::*	2
Os	Microsoft Windows Vista cpe:2.3:o:microsoft:windows_vista:-:sp2::::::	1

Information Assurance Vulnerability Management (IAVM)

Date	Description
2014-08-14	IAVM : 2014-A-0124 - Multiple Vulnerabilities in Microsoft Kernel-Mode Drivers Severity : Category II - VMSKEY : V0053797

Nessus® Vulnerability Scanner

Date	Description
2014-08-12	Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms14-045.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2017-01-07 09:27:32	Multiple Updates
2015-10-18 17:26:19	Multiple Updates
2014-08-27 21:27:03	Multiple Updates
2014-08-27 21:16:22	Multiple Updates
2014-08-16 05:28:11	Multiple Updates
2014-08-16 05:17:52	Multiple Updates
2014-08-14 09:25:13	Multiple Updates
2014-08-13 13:24:59	Multiple Updates
2014-08-13 05:25:46	Multiple Updates
2014-08-12 21:29:08	Multiple Updates
2014-08-12 21:18:14	First insertion

Global Informations

Type	Count
CWE ID(s)	3
Oval ID(s)	3
CPE ID(s)	12
IAVM(s)	1
Nessus® Exploit(s)	1

	Related
10	MS14-066
10	MS14-057
10	MS14-037
10	MS14-035
10	MS14-026
10	MS14-021
10	MS14-008
9.3	MS14-084
9.3	MS14-083
9.3	MS14-082
9.3	MS14-081
9.3	MS14-080
9.3	MS14-078
9.3	MS14-072
9.3	MS14-069
9.3	MS14-067
9.3	MS14-065
9.3	MS14-064
9.3	MS14-061
9.3	MS14-060
9.3	MS14-058
9.3	MS14-056
9.3	MS14-052
9.3	MS14-051
9.3	MS14-050
9.3	MS14-048
9.3	MS14-038
9.3	MS14-036
9.3	MS14-034
9.3	MS14-029
9.3	MS14-023
9.3	MS14-020
9.3	MS14-018
9.3	MS14-017
9.3	MS14-013
9.3	MS14-012
9.3	MS14-011
9.3	MS14-010
9.3	MS14-009
9.3	MS14-007
9.3	MS14-001
9.3	MS13-081
9	MS14-068
9	MS14-025
9	MS14-022
7.8	MS14-006
7.6	MS14-039
7.5	MS14-047
7.2	MS16-062
7.2	MS14-070
7.2	MS14-063
7.2	MS14-062
7.2	MS14-054
7.2	MS14-049
7.2	MS14-040
7.2	MS14-027
7.2	MS14-015
7.2	MS14-003
7.2	MS14-002
7.2	MS13-046
7.2	CVE-2014-1819
7.2	CVE-2014-0318
7.1	MS14-079
7.1	MS14-014
7.1	MS14-005
6.9	MS14-041
6.9	MS14-019
6.8	MS14-044
6.8	MS14-043
6.8	MS14-024
5.4	MS14-016
5.1	MS14-076
5.1	MS14-030
5	MS14-085
5	MS14-077
5	MS14-075
5	MS14-055
5	MS14-053
5	MS14-031
5	MS14-028
4.9	CVE-2014-4064
4.3	MS14-074
4.3	MS14-073
4.3	MS14-071
4.3	MS14-059
4.3	MS14-046
4.3	MS14-033
4.3	MS14-032
4	MS14-042
4	MS14-004
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 90 more Alert(s)

7.2 - MS14-045

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU