KB2914486: Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege

High Nessus Plugin ID 71140


The remote Windows host has a privilege elevation vulnerability in a system-provided communications driver.


The remote host has an unspecified privilege elevation vulnerability in NDProxy.sys, a system-provided communications driver. Successful exploitation of this vulnerability could allow an attacker to run arbitrary code in kernel mode. Additionally, the attacker could view, change or even delete data, as well as install programs and/or create new accounts with full administrative rights.


Apply the workaround referenced in Microsoft Security Advisory (2914486). This workaround will cause certain services that rely on Windows Telephony Application Programming Interfaces (TAPI) to not function. Refer to the advisory for more information.

See Also



Plugin Details

Severity: High

ID: 71140

File Name: smb_kb2914486.nasl

Version: $Revision: 1.8 $

Type: local

Agent: windows

Family: Windows

Published: 2013/11/29

Modified: 2014/01/19

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:W/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2013/11/27

Exploitable With

Core Impact

Metasploit (Microsoft Windows ndproxy.sys Local Privilege Escalation)

Reference Information

CVE: CVE-2013-5065

BID: 63971

OSVDB: 100368

EDB-ID: 30014

IAVA: 2014-A-0004