CVE-2014-0318
Description
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A privilege escalation vulnerability in win32k.sys allows local users to gain system privileges via a crafted application.
Vulnerability
The vulnerability resides in win32k.sys, a kernel-mode driver in Microsoft Windows. It stems from improper control of access to thread-owned objects. Affected versions include Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 [1].
Exploitation
An attacker must have valid logon credentials and be able to log on locally to the target system. The attacker then runs a specially crafted application that triggers the vulnerability. No additional user interaction is required beyond the initial logon [1].
Impact
Successful exploitation allows the attacker to elevate privileges, gaining the ability to execute arbitrary code in kernel mode. This results in full control over the affected system, including the ability to install programs, view/change/delete data, or create new accounts with full user rights [1].
Mitigation
Microsoft released security update MS14-045 (KB2984615) on August 12, 2014, which addresses this vulnerability. Customers with automatic updating enabled are protected automatically. For those without, manual installation of the update is recommended. No workarounds are documented [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (19)
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* (+ 1 more)
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- (no CPE)
cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:* (+ 1 more)
- cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
- (no CPE), range: = Gold, = 8.1
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* (+ 1 more)
- cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
- (no CPE), range: = SP2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* (+ 3 more)
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- (no CPE), range: = SP2, = R2 SP1
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* (+ 1 more)
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- (no CPE), range: = Gold, = R2
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* (+ 1 more)
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
- (no CPE), range: = SP2
- Range: = SP1
References (3)
- docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-045 (nvd; Patch, Vendor Advisory)
- secunia.com/advisories/60673 (nvd; Third Party Advisory)
- www.securityfocus.com/bid/69142 (nvd; Third Party Advisory, VDB Entry)