Unrated severity · NVD Advisory · Published Mar 12, 2014 · Updated May 6, 2026

CVE-2014-0300

Description

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Win32k.sys vulnerability in Windows allows local users to gain privileges via a crafted application.

Vulnerability

A privilege escalation vulnerability exists in the Windows kernel-mode driver win32k.sys due to improper handling of objects in memory. This affects Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1. The vulnerability is triggered when a specially crafted application is executed locally [1].

Exploitation

An attacker must have valid logon credentials and be able to log on locally to the system. The attacker then runs a specially crafted application that exploits the memory handling flaw in win32k.sys to trigger the elevation of privilege [1].

Impact

Successful exploitation allows an attacker to gain elevated privileges on the system, potentially executing arbitrary code with kernel-level access. This could lead to full compromise of the confidentiality, integrity, and availability of the affected system [1].

Mitigation

Microsoft released security update MS14-015 on March 11, 2014, which addresses this vulnerability by correcting the way win32k.sys handles objects in memory. All supported versions of Windows were updated. No workaround is documented; applying the update is recommended [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

15
  • cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

References

1
