What is the CVSS score of CVE-2014-4076?

CVE-2014-4076 has a CVSS 2.0 base score of 7.2 (High). CVSS vector: AV:L/AC:L/Au:N/C:C/I:C/A:C. EPSS exploitation probability: 61.1%.

Which versions of Microsoft are affected by CVE-2014-4076?

Organizations using Microsoft Windows Server 2003 SP2 face moderate risk from CVE-2014-4076 rated CVSS 7.2. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2014-4076?

Yes, a public proof-of-concept exploit is available for CVE-2014-4076. Prioritise patching immediately. EPSS: 61.1%.

How to fix or mitigate CVE-2014-4076?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

Microsoft CVE-2014-4076

HIGH

Permissions, Privileges, and Access Controls (CWE-264)

2014-11-11 secure@microsoft.com

Privilege Escalation Microsoft

7.2

CVSS 2.0 · NVD

Severity by source

NVD PRIMARY

7.2 HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:C/I:C/A:C

Attack Vector

Local

Attack Complexity

Low

Confidentiality

Integrity

Availability

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:18 vuln.today

PoC Detected

Apr 12, 2025 - 10:46 vuln.today

Public exploit code

CVE Published

Nov 11, 2014 - 22:55 nvd

HIGH 7.2

DescriptionCVE.org

Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."

AnalysisAI

Microsoft Windows Server 2003 SP2 contains a local privilege escalation vulnerability via crafted IOCTL calls to tcpip.sys or tcpip6.sys drivers. Local attackers can exploit improper access control in the TCP/IP driver to gain SYSTEM privileges on the server.

Technical ContextAI

The tcpip.sys and tcpip6.sys drivers in Windows Server 2003 SP2 improperly validate IOCTL request parameters from user-mode applications. A crafted IOCTL call can corrupt kernel memory or bypass access checks, allowing a local user to execute code with kernel/SYSTEM privileges. The TCP/IP driver is always loaded, making this a reliable escalation vector.

RemediationAI

Upgrade from Windows Server 2003 to a supported operating system. If upgrade is not possible, implement strict network segmentation to limit exposure. Restrict local logon rights to minimize the attack surface. Deploy host-based IDS to detect exploitation attempts.

CVE-2014-4076 vulnerability details – vuln.today

Back