What is the CVSS score of CVE-2010-2743?

CVE-2010-2743 has a CVSS 2.0 base score of 7.2 (High). CVSS vector: AV:L/AC:L/Au:N/C:C/I:C/A:C. EPSS exploitation probability: 8.9%.

Which versions of Windows XP are affected by CVE-2010-2743?

CVE-2010-2743 is a local privilege escalation in Microsoft Windows kernel drivers affecting Windows XP, Server 2003, Windows 7, and Server 2008/R2, enabling unprivileged users to gain SYSTEM-level…

Is there a public PoC exploit available for CVE-2010-2743?

Yes, a public proof-of-concept exploit is available for CVE-2010-2743. Prioritise patching immediately. EPSS: 8.9%.

How to fix or mitigate CVE-2010-2743?

Within 24 hours: Identify and inventory all Windows XP SP3, Server 2003 SP2, Windows 7, and Server 2008/R2 systems in your environment using vulnerability scanning tools. Within 7 days: Apply Microsoft patch MS10-073 (released October 2010) to all affected systems; prioritize systems with local user access or where unprivileged accounts can install keyboard layout files. Within 30 days: Verify patch deployment across 100% of affected systems and implement monitoring for suspicious keyboard layout file modifications.

Windows XP CVE-2010-2743

HIGH

2011-01-20 secure@microsoft.com

Information Disclosure Microsoft

7.2

CVSS 2.0 · NVD

Severity by source

NVD PRIMARY

7.2 HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:C/I:C/A:C

Attack Vector

Local

Attack Complexity

Low

Confidentiality

Integrity

Availability

Lifecycle Timeline

Analysis Updated

Apr 29, 2026 - 01:45 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 29, 2026 - 01:39 vuln.today

cvss_changed

Analysis Generated

Mar 26, 2026 - 11:17 vuln.today

PoC Detected

Apr 11, 2025 - 00:51 vuln.today

Public exploit code

CVE Published

Jan 20, 2011 - 21:00 nvd

HIGH 7.2

DescriptionCVE.org

The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.

AnalysisAI

Local privilege escalation in Microsoft Windows kernel-mode driver allows unprivileged users to gain SYSTEM-level access via malicious keyboard layout files. Affected platforms include Windows XP SP3, Windows Server 2003 SP2, Windows 7, and Windows Server 2008/R2 across all architectures. This vulnerability achieved widespread notoriety as one of four zero-days leveraged by the Stuxnet worm in July 2010 for industrial espionage and sabotage operations. Public exploit code exists (Exploit-DB 15985) with 8.88% EPSS score (92nd percentile), though no current KEV listing exists, suggesting exploitation was primarily limited to the Stuxnet campaign rather than ongoing widespread abuse. Microsoft released patches in MS10-073 (October 2010).

Technical ContextAI

The vulnerability exists in the Win32k.sys kernel-mode driver, specifically in the subsystem responsible for loading keyboard layout files (.KBD files) from disk. Windows maintains a function-pointer table for keyboard input handling that must be indexed during layout initialization. The driver fails to properly validate or sanitize index values when parsing crafted keyboard layout files, allowing an attacker to control array indexing and redirect code execution to arbitrary memory locations. Because Win32k.sys operates in kernel mode (Ring 0), successful exploitation grants attackers the highest privilege level in the Windows security model. The affected CPE strings indicate vulnerability across x86, x64, and Itanium architectures in Windows XP SP3, Server 2003 SP2, Windows 7 RTM, and Server 2008/2008 R2 families. This represents a classic kernel memory corruption vulnerability where user-controlled input reaches privileged code without adequate bounds checking.

RemediationAI

Apply Microsoft Security Bulletin MS10-073 cumulative update released October 2010, which patches the keyboard layout indexing flaw in Win32k.sys across all affected platforms (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-073). For Windows XP SP3, install KB2229593; for Server 2003 SP2, install KB2229593; for Windows 7/Server 2008 R2, install KB2229593 (exact KB numbers vary by architecture - consult MS10-073 for platform-specific packages). Organizations unable to patch immediately should implement application whitelisting to prevent execution of unauthorized keyboard layout files, restrict user permissions to prevent writing to system directories where .KBD files reside (typically %SystemRoot%\System32), and monitor for anomalous keyboard layout loading via process monitoring tools (note this significantly impacts usability for legitimate multilingual users). For legacy Windows XP/Server 2003 systems beyond extended support, migrate to supported operating systems as compensating controls provide limited protection against local kernel exploits. Air-gapped industrial control systems should prioritize patching given Stuxnet's historical targeting of such environments.

CVE-2010-2743 vulnerability details – vuln.today

Back