Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-0073 — Sensitive Information Exposure in Microsoft Windows 10

CWE-200 — Sensitive Information Exposure9 documents6 sources

Severity

5.5MEDIUMNVD

NVD5.0

EPSS

3.0%

top 13.35%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 10 Microsoft Windows Server 2012 Msrc Windows 10 FOR 32-bit Systems +10 more

Timeline

PublishedOct 14

Latest updateMay 14

Description

The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6

Affected Packages13 packages

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2012_r2

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/windows_101511, 1607+1

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

🔴Vulnerability Details

GHSA

GHSA-mgr3-87vc-vp89: The kernel in Microsoft Windows 8↗2022-05-14

▶

GHSA

GHSA-gx3r-rfxx-c7x6: The kernel in Microsoft Windows 8↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - DeviceApi CMApi User Hive Impersonation Privilege Escalation (MS16-124)↗2016-10-18

▶

📋Vendor Advisories

Microsoft

Windows Kernel Local Elevation of Privilege Vulnerability↗2016-10-11

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - October 2016↗2016-10-11

▶

Talos

Microsoft Patch Tuesday - October 2016↗2016-10-11

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 11-10-2016↗

▶