Now that we have a little background, we're going to watch the attack in action with Metasploit. The exploit module specific to this vulnerability is called exploit/windows/local/ms14_058_track_popup_menu (recall that MS14-058 is the Microsoft Security Bulletin designation for this flaw). Notice that this exploit falls under the local subcategory? The nature of this flaw requires that we are able to execute a program as a privileged user – this is a local attack, as opposed to a remote attack. Sometimes you'll see security publications discuss local exploits with phrases like "the risk is limited by the fact that the attacker must be local to the machine." The pen tester in you should be ...
Metasploit – exploring a Windows kernel exploit module
Get Hands-On Penetration Testing on Windows now with the O’Reilly learning platform.