CVE-2017-0081

Description

The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability. This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0082.

Risk Information

Base Score

7.7

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

EPSS Score

Exploitation Probability

1.692

Associated Vulnerability

Vulnerability	OS Platform
Microsoft Browser Spoofing Vulnerability for Windows Server 2016 for x64-based Systems (KB4013429) - Cumulative	Windows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4013429) - Cumulative	Windows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1607 (KB4013429) - Cumulative	Windows
Microsoft Browser Spoofing Vulnerability for Windows 10 for x64-based Systems (KB4012606) - Cumulative	Windows
Internet Explorer Information Disclosure Vulnerability for Windows Server 2012 R2- WannaCrypt Ransomware Worm(KB4012216)	Windows
Internet Explorer Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012216)	Windows
Internet Explorer Information Disclosure Vulnerability for Windows 8.1 - WannaCrypt Ransomware Worm(KB4012216)	Windows
Microsoft Browser Information Disclosure Vulnerability for Windows Server 2012 - WannaCrypt Ransomware Worm(KB4012217)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows 7 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012212)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows 7 - WannaCrypt Ransomware Worm(KB4012212)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012212)	Windows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1511 for x64-based Systems (KB4013198) - Cumulative	Windows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1511 (KB4013198) - Cumulative	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012213)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows 8.1 - WannaCrypt Ransomware Worm(KB4012213)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Server 2012 R2 - WannaCrypt Ransomware Worm (KB4012213)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Server 2012 - WannaCrypt Ransomware Worm(KB4012214)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Embedded 8 Standard for x64-based Systems (KB4012214)	Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Embedded 8 Standard (KB4012214)	Windows
Windows Graphics Component Remote Code Execution Vulnerability for Windows Server 2008 for x64-based Systems (KB4012497)	Windows
Windows Graphics Component Remote Code Execution Vulnerability for Windows Server 2008 (KB4012497)	Windows
Windows Graphics Component Remote Code Execution Vulnerability for Windows Vista for x64-based Systems (KB4012497)	Windows
Windows Graphics Component Remote Code Execution Vulnerability for Windows Vista (KB4012497)	Windows
Microsoft Browser Spoofing Vulnerability for Windows 10 (KB4012606)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-22054	Cumulative Update for Windows Server 2016 for x64-based Systems (KB4013429)
PATCH-22053	Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4013429)
PATCH-22052	Cumulative Update for Windows 10 Version 1607 (KB4013429)
PATCH-22049	Cumulative Update for Windows 10 for x64-based Systems (KB4012606)
PATCH-22149	March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2- WannaCrypt Ransomware Worm(KB4012216)
PATCH-22148	March, 2017 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012216)
PATCH-22047	March, 2017 Security Monthly Quality Rollup for Windows 8.1 - WannaCrypt Ransomware Worm(KB4012216)
PATCH-22150	March, 2017 Security Monthly Quality Rollup for Windows Server 2012 - WannaCrypt Ransomware Worm(KB4012217)
PATCH-22063	March, 2017 Security Only Quality Update for Windows 7 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012212)
PATCH-22062	March, 2017 Security Only Quality Update for Windows 7 - WannaCrypt Ransomware Worm(KB4012212)
PATCH-22064	March, 2017 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012212)
PATCH-22051	Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4013198)
PATCH-22050	Cumulative Update for Windows 10 Version 1511 (KB4013198)
PATCH-22066	March, 2017 Security Only Quality Update for Windows 8.1 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012213)
PATCH-22065	March, 2017 Security Only Quality Update for Windows 8.1 - WannaCrypt Ransomware Worm(KB4012213)
PATCH-22067	March, 2017 Security Only Quality Update for Windows Server 2012 R2 - WannaCrypt Ransomware Worm (KB4012213)
PATCH-22070	March, 2017 Security Only Quality Update for Windows Server 2012 - WannaCrypt Ransomware Worm(KB4012214)
PATCH-22108	Security Update for Windows Server 2008 for x64-based Systems (KB4012497)
PATCH-22106	Security Update for Windows Server 2008 (KB4012497)
PATCH-22107	Security Update for Windows Vista for x64-based Systems (KB4012497)
PATCH-22105	Security Update for Windows Vista (KB4012497)
PATCH-22048	Cumulative Update for Windows 10 (KB4012606)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234