|Number of vulnerabilities||1|
|CVE ID|| CVE-2014-4113
|Public exploit||This vulnerability is being exploited in the wild.|
|Vulnerable software versions||
Windows Server 2003
Windows Server 2008 R2
Windows Server 2008
Windows Server 2012 R2
Windows Server 2012
Windows RT 8.1
The vulnerability allows a local attacker to obtain elevated privileges on the target system.
The weakness exists due to improper handling of objects in memory by kernel-mode driver (win32k.sys). A local attacker can run a specially crafted application to gain elevated privileges and take complete control of the system.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Install update from vendor's website.