Home Microsoft CVE-2013-5065
CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)
Back to Microsoft

CVE-2013-5065

Exploited

Windows - NDProxy.sys

Microsoft CVSS 7.8 Updated April 30, 2026

Executive Risk Summary

"A local privilege escalation vulnerability exists in Windows due to a flaw in the NDProxy.sys kernel component, allowing attackers to gain elevated privileges. This vulnerability has been exploited in the wild and can be used to gain system-level access."

Anticipated Attack Path

  1. 1. Initial exploitation of the NDProxy.sys vulnerability
  2. 2. Elevation of privileges to system-level access
  3. 3. Potential lateral movement and further exploitation

Am I Vulnerable?

  • Verify the presence of the NDProxy.sys component
  • Check for any suspicious system calls or API requests
  • Monitor for unusual system behavior or crashes

Operational Audit Arsenal

Target Type System Driver
Target Asset NDProxy.sys
Standard Path C:\Windows\System32\drivers\NDProxy.sys
PowerShell 
# 🛠️ Senior Engineer Universal Audit
# Target: NDProxy.sys (System Driver)
$Targets = 'NDProxy.sys'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

System restart required, potential disruption to system services

Internal Work Notes

Local privilege escalation vulnerability in Windows NDProxy.sys component, requiring patching and system restart to prevent exploitation.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

MSRC Advisoryhttp://technet.microsoft.com/security/advisory/2914486
Official Advisoryhttp://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-002
Official Advisoryhttps://www.exploit-db.com/exploits/37732/
MSRC Advisoryhttp://technet.microsoft.com/security/advisory/2914486
Official Advisoryhttp://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-002
Official Advisoryhttps://www.exploit-db.com/exploits/37732/
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-5065

Related Microsoft Threats

CVE-2026-42901 CVSS 10

Microsoft Entra ID
CVE-2025-65041 CVSS 10

Microsoft Partner Center
CVE-2026-31957 CVSS 10

Microsoft Azure Entra ID and Intune - Himmelblau
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.