CVE-2014-4148
Published: 15 October 2014
Summary
CVE-2014-4148 is a high-severity Code Injection (CWE-94) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 1.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
win32k.sys in the kernel-mode drivers is affected by a TrueType font parsing flaw that permits remote code execution. The impacted platforms include Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1. The issue is tracked as CWE-94 and carries a CVSS 3.1 score of 8.8.
An attacker can deliver a malicious TrueType font to a target system and trigger arbitrary code execution in kernel mode. The attack requires no authentication and can be initiated remotely, although user interaction is needed to process the font. Exploitation was observed in the wild during October 2014.
Microsoft addressed the vulnerability through the October 2014 security updates documented in bulletin MS14-058, which includes patches for the listed Windows versions. Additional details on risk and mitigation are provided in the associated Security Research & Defense blog post and vendor advisories.
The flaw received immediate attention because of confirmed in-the-wild exploitation at the time of disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2014-4079
Vulnerability details
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1…
more
allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."
- CWE(s)
- KEV Date Added
- 25 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of the MS14-058 security update that patches the TrueType font parsing flaw in win32k.sys.
Malicious-code protection mechanisms can block or detect delivery and processing of weaponized TrueType fonts before kernel-mode execution occurs.
Integrity verification of system files and received content can detect unauthorized modification of win32k.sys or malicious font files.