diff --git a/modules/exploits/windows/local/ntusermndragover.rb b/modules/exploits/windows/local/ntusermndragover.rb
index 0cefe888b4..df80a8cf84 100644
--- a/modules/exploits/windows/local/ntusermndragover.rb
+++ b/modules/exploits/windows/local/ntusermndragover.rb
@@ -13,6 +13,7 @@ class MetasploitModule < Msf::Exploit::Local
   include Msf::Post::File
   include Msf::Exploit::EXE
   include Msf::Post::Windows::Priv
+  include Msf::Post::Windows::FileInfo
   include Msf::Post::Windows::ReflectiveDLLInjection
   include Msf::Exploit::Remote::AutoCheck
 
@@ -95,6 +96,9 @@ class MetasploitModule < Msf::Exploit::Local
       return CheckCode::Safe
     end
 
+    path = expand_path('%WINDIR%\\system32\\win32k.sys')
+    major, minor, build, revision, brand = file_version(path)
+    return CheckCode::Safe if revision >= 24387
 
     CheckCode::Appears
   end