Home Microsoft CVE-2013-3660
CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)
Back to Microsoft

CVE-2013-3660

Exploited

Windows - win32k.sys

Microsoft CVSS 7.8 Updated April 30, 2026

Executive Risk Summary

"The EPATHOBJ::pprFlattenRec function in win32k.sys does not properly initialize a pointer, allowing local users to gain privileges by triggering excessive consumption of paged memory. This vulnerability affects various Windows versions, including Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8, and Windows Server 2012."

Anticipated Attack Path

  1. 1. Initial exploitation of the vulnerability through excessive consumption of paged memory
  2. 2. Elevation of privileges by making many FlattenPath function calls
  3. 3. Execution of arbitrary code in kernel mode

Am I Vulnerable?

  • Verify the presence of the win32k.sys file
  • Check for the existence of the EPATHOBJ::pprFlattenRec function
  • Monitor system logs for suspicious activity related to paged memory consumption

Operational Audit Arsenal

Target Type System File
Target Asset win32k.sys
Standard Path C:\Windows\System32\drivers
PowerShell 
# 🛠️ Senior Engineer Universal Audit
# Target: win32k.sys (System File)
$Targets = 'win32k.sys'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

System restart required, potential disruption to running applications and services

Internal Work Notes

CVE-2013-3660: Windows win32k.sys Elevation of Privilege Vulnerability, patching required to prevent local privilege escalation

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttp://archives.neohapsis.com/archives/fulldisclosure/2013-05/0090.html
Official Advisoryhttp://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html
Official Advisoryhttp://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html
Official Advisoryhttp://secunia.com/advisories/53435
Official Advisoryhttp://twitter.com/taviso/statuses/309157606247768064
Official Advisoryhttp://twitter.com/taviso/statuses/335557286657400832
Official Advisoryhttp://www.computerworld.com/s/article/9239477
Official Advisoryhttp://www.exploit-db.com/exploits/25611/
Official Advisoryhttp://www.osvdb.org/93539
Official Advisoryhttp://www.reddit.com/r/netsec/comments/1eqh66/0day_windows_kernel_epathobj_vulnerability/
Official Advisoryhttp://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw
Official Advisoryhttp://www.us-cert.gov/ncas/alerts/TA13-190A
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053
Official Advisoryhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17360
Official Advisoryhttp://archives.neohapsis.com/archives/fulldisclosure/2013-05/0090.html
Official Advisoryhttp://archives.neohapsis.com/archives/fulldisclosure/2013-05/0094.html
Official Advisoryhttp://archives.neohapsis.com/archives/fulldisclosure/2013-06/0006.html
Official Advisoryhttp://secunia.com/advisories/53435
Official Advisoryhttp://twitter.com/taviso/statuses/309157606247768064
Official Advisoryhttp://twitter.com/taviso/statuses/335557286657400832
Official Advisoryhttp://www.computerworld.com/s/article/9239477
Official Advisoryhttp://www.exploit-db.com/exploits/25611/
Official Advisoryhttp://www.osvdb.org/93539
Official Advisoryhttp://www.reddit.com/r/netsec/comments/1eqh66/0day_windows_kernel_epathobj_vulnerability/
Official Advisoryhttp://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw
Official Advisoryhttp://www.us-cert.gov/ncas/alerts/TA13-190A
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053
Official Advisoryhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17360
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-3660

Related Microsoft Threats

CVE-2026-42901 CVSS 10

Microsoft Entra ID
CVE-2025-65041 CVSS 10

Microsoft Partner Center
CVE-2026-31957 CVSS 10

Microsoft Azure Entra ID and Intune - Himmelblau
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.