Cyber Resilience

CVE-2014-4148

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · RCE

Published: 15 October 2014

Modified: 22 April 2026
KEV Added: 25 May 2022
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.5572 (98.1st percentile)
Risk Priority: 71 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2014-4148 is a high-severity Code Injection (CWE-94) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 1.9% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

win32k.sys in the kernel-mode drivers is affected by a TrueType font parsing flaw that permits remote code execution. The impacted platforms include Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1. The issue is tracked as CWE-94 and carries a CVSS 3.1 score of 8.8.

An attacker can deliver a malicious TrueType font to a target system and trigger arbitrary code execution in kernel mode. The attack requires no authentication and can be initiated remotely, although user interaction is needed to process the font. Exploitation was observed in the wild during October 2014.

Microsoft addressed the vulnerability through the October 2014 security updates documented in bulletin MS14-058, which includes patches for the listed Windows versions. Additional details on risk and mitigation are provided in the associated Security Research & Defense blog post and vendor advisories.

The flaw received immediate attention because of confirmed in-the-wild exploitation at the time of disclosure.

EU & UK References

Vulnerability details

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."

CWE(s): CWE-94 (Code Injection)
KEV Date Added: 25 May 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
microsoft | windows 7 | all versions
microsoft | windows 8 | all versions
microsoft | windows 8.1 | all versions
microsoft | windows rt | all versions
microsoft | windows rt 8.1 | all versions
microsoft | windows server 2003 | all versions
microsoft | windows server 2008 | all versions, r2
microsoft | windows server 2012 | all versions, r2
microsoft | windows vista | all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

SI-2 Flaw Remediation (prevent)

Directly requires timely installation of the MS14-058 security update that patches the TrueType font parsing flaw in win32k.sys.

SI-3 Malicious Code Protection (prevent, detect)

Malicious-code protection mechanisms can block or detect delivery and processing of weaponized TrueType fonts before kernel-mode execution occurs.

Integrity verification (prevent, detect)

Integrity verification of system files and received content can detect unauthorized modification of win32k.sys or malicious font files.
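The two controls above that a host can self-check are the flaw-remediation one (is the MS14-058 update present?) and the integrity one (is the installed win32k.sys still the Microsoft-signed binary?). The PowerShell below is an added illustration written for this page, not code from the CVE record or from Microsoft. It assumes the desktop and server SKUs listed above (Windows RT cannot run it), and the KB identifier is a labelled placeholder because the record does not give one; take the real value from the MS14-058 bulletin for the OS being checked.

```powershell
# Added defensive check for CVE-2014-4148 / MS14-058 (illustrative, not from the record).
# The KB number is a PLACEHOLDER: look it up in the MS14-058 bulletin for your OS build.
$Ms14058Kb = 'KBnnnnnnn'   # placeholder, not a value taken from the CVE record

function Test-Ms14058Installed {
    param([string]$KbId = $Ms14058Kb)
    # Get-HotFix reads Win32_QuickFixEngineering; returns $true only when the KB is listed.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    return [bool]$hotfix
}

function Test-Win32kSignature {
    # Integrity check: win32k.sys must carry a valid Authenticode signature from Microsoft.
    $path = Join-Path $env:SystemRoot 'System32\win32k.sys'
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    [pscustomobject]@{
        Path   = $path
        Status = $sig.Status
        Signer = $subject
        Valid  = ($sig.Status -eq 'Valid' -and $subject -like '*Microsoft*')
    }
}

# Report both controls for this host.
$patched = Test-Ms14058Installed
$sigInfo = Test-Win32kSignature
"MS14-058 update ($Ms14058Kb) installed : $patched"
"win32k.sys signature                     : $($sigInfo.Status) by $($sigInfo.Signer)"
if (-not $patched -or -not $sigInfo.Valid) {
    Write-Warning 'Host does not meet the flaw-remediation / integrity baseline for CVE-2014-4148; schedule remediation.'
}
```

Get-HotFix only sees updates recorded in Win32_QuickFixEngineering, so a KB applied through some installer paths or later superseded can be absent even on a patched host; treat a negative result as a prompt to confirm against WSUS, SCCM or Windows Update history rather than as proof the system is unpatched. A win32k.sys whose signature status is anything but Valid, or whose signer is not Microsoft, is the condition the integrity control is meant to surface.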

References