
Windows Win32k CVE-2017-0263

HIGH 7.8 (CVSS 3.1 · NVD)
Use After Free (CWE-416)
2017-05-12 · secure@microsoft.com

Severity by source

NVD (primary): 7.8 HIGH, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

7 events:

Analysis Updated: Apr 22, 2026 - 14:01 (vuln.today), v2 (cvss_changed)
Re-analysis Queued: Apr 21, 2026 - 15:22 (vuln.today), cvss_changed
Analysis Generated: Mar 26, 2026 - 11:18 (vuln.today)
Added to CISA KEV: Oct 22, 2025 - 00:16 (cisa), CISA KEV
PoC Detected: Oct 22, 2025 - 00:16 (vuln.today), public exploit code
Patch released: Oct 22, 2025 - 00:16 (nvd), patch available
CVE Published: May 12, 2017 - 14:29 (nvd), HIGH 7.8

Description (CVE.org)

The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Analysis (AI)

A local privilege escalation in the Windows Win32k kernel-mode driver allows authenticated local users to gain SYSTEM privileges by exploiting a use-after-free. It affects all Windows versions from 7 through 10 1703 and Server 2008-2016. The vulnerability is confirmed actively exploited (CISA KEV), and exploit code is publicly available. An EPSS score of 17.77% (95th percentile) indicates a significant probability of real-world exploitation despite the local attack vector requirement. Microsoft released patches in its May 2017 security bulletin.

Technical Context (AI)

The vulnerability exists in the Win32k kernel-mode driver subsystem, which handles GUI operations and window management in Windows. This is a use-after-free memory corruption flaw (CWE-416) where kernel memory is accessed after being freed, allowing attackers to manipulate freed memory and achieve arbitrary code execution in kernel context. Win32k has historically been a common target for privilege escalation due to its complexity, large attack surface, and kernel-mode execution context. The CPE data confirms widespread impact across all major Windows desktop and server versions from Windows 7 SP1 through Windows 10 1703, Windows Server 2008 SP2/R2 SP1, Server 2012/R2, Server 2016, and Windows RT 8.1.

Remediation (AI)

Apply Microsoft's May 2017 security updates immediately via Windows Update or WSUS, as detailed in advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0263. Specific patch KB numbers vary by Windows version, but all were released as part of the May 2017 Patch Tuesday cumulative updates.

For systems that cannot be patched immediately, implement compensating controls: restrict local logon rights to trusted administrators only via Group Policy (Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > 'Allow log on locally'), disable unnecessary local user accounts, implement application whitelisting via AppLocker or Windows Defender Application Control to prevent execution of unauthorized local binaries, and monitor for suspicious privilege escalation attempts via Sysmon Event ID 10 (process access) and Security Event ID 4672 (special privileges assigned to new logon).

Note that these mitigations only reduce attack surface; they do not eliminate the vulnerability, and they will impact legitimate local user workflows. Prioritize patching over workarounds given confirmed active exploitation.
