Executive Summary

Title Vulnerability in Windows Kernel
Name MS14-003 First vendor Publication 2014-01-14
Vendor Microsoft Last vendor Modification 2014-01-14
Severity (Vendor) Important Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Revision Note: V1.0 (January 14, 2014): Bulletin published.

Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a user logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms14-003

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21779
Oval ID: oval:org.mitre.oval:def:21779
Title: Win32k window handle vulnerability in Microsoft Windows (CVE-2014-0262) - MS14-003
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2014-0262
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Definition Synopsis:

CPE : Common Platform Enumeration

Os 2

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-01-16 IAVM : 2014-A-0005 - Microsoft Windows Kernel-Mode Drivers Privilege Escalation Vulnerability
Severity : Category II - VMSKEY : V0043403

Nessus® Vulnerability Scanner

Date Description
2014-01-14 Name : The Windows kernel on the remote host is affected by a privilege escalation v...
File : smb_nt_ms14-003.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2016-04-27 02:03:56
  • Multiple Updates
2015-01-23 13:25:00
  • Multiple Updates
2015-01-14 13:23:36
  • Multiple Updates
2014-02-17 11:47:54
  • Multiple Updates
2014-01-18 00:18:44
  • Multiple Updates
2014-01-16 13:22:11
  • Multiple Updates
2014-01-15 21:26:22
  • Multiple Updates
2014-01-14 21:16:18
  • First insertion