Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0077: Dxgkrnl.sys Elevation of Privilege Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2017-0077: Dxgkrnl.sys Elevation of Privilege Vulnerability

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

05/09/2017

Created

07/25/2018

Added

05/09/2017

Modified

11/18/2021

Description

An elevation of privilege vulnerability exists when the Windows improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. An attacker who successfully exploited this vulnerability could run processes in an elevated context. On systems with Windows 8.1 or later installed, this vulnerability can lead to denial of service. The update addresses the vulnerability by correcting the way in which the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) handles certain calls and escapes to preclude improper memory mapping and prevent unintended elevation from user-mode.

Solution(s)

msft-kb4016871-3f4526c4-d3ec-486a-a7ef-8d1987905310
msft-kb4016871-cf89e515-56cd-4e4f-b5ca-31b3ea1e81b3
msft-kb4019149-46b550c1-9a29-45bd-ae8b-10981f575d64
msft-kb4019149-4e8c3875-f469-451b-8e6e-5de320bce172
msft-kb4019149-7b44bb7f-8500-45df-a6e0-f554effd95a6
msft-kb4019213-2913676b-33a1-4557-9160-f36bfed5f294
msft-kb4019213-3041ea24-871e-44bd-ad52-9b2620ca82bc
msft-kb4019213-3329281f-2407-4bda-b8a6-37dc9b1ef179
msft-kb4019214-6dbabc80-d41f-4736-ad08-5c172cb9c274
msft-kb4019214-79e81c68-ba95-4c77-a747-5f2effd6388e
msft-kb4019214-9b0cfbdc-1a83-4ff0-b80c-d1b4f1475cc7
msft-kb4019263-46c89aaa-6d7f-48c4-abda-2e0709b58b71
msft-kb4019263-a1d1d5c2-78be-44c0-b0eb-2706f1225447
msft-kb4019263-c218dbd8-9396-4978-a84d-aeb7a2c77ce3
msft-kb4019263-c4749633-16b1-4395-b0bd-1930ee20d5c6
msft-kb4019263-cd7fd4a7-f4db-493d-8cc3-70d33e708775
msft-kb4019263-d8a880a2-6caa-453f-81c8-c6a88bf19d69
msft-kb4019472-95ff788a-8fe4-4584-bfca-7051b92405b2
msft-kb4019472-970dc0b3-07a2-4434-8df0-9008dcdc9f36
msft-kb4019472-bf47cd35-d39a-426f-8884-ffcd8bd9c49a
msft-kb4019473-55f05839-b358-4f0d-bcef-683de665b62c
msft-kb4019473-e7400165-c486-4e3e-aabc-24d04ef1dbe6
msft-kb4019474-15928377-0964-4b80-9021-1ab7230cc690
msft-kb4019474-6964cf08-89cf-4a95-ace6-fdb7a423c09c

References

https://attackerkb.com/topics/cve-2017-0077
CVE - 2017-0077
4016871
4019149
4019213
4019214
4019215
4019216
4019263
4019264
4019472
4019473
4019474

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0077: Dxgkrnl.sys Elevation of Privilege Vulnerability

Microsoft CVE-2017-0077: Dxgkrnl.sys Elevation of Privilege Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.