CVE-2016-0073
published 2016-10-14CVE-2016-0073: The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges…
PriorityP433medium5CVSS 3.0
AVLACLPRLUIRSUCHINAN
EXPLOIT
EPSS
5.10%
91.3th percentile
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2012 | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_8.1_for_32-bit_systems | — | — |
| msrc | windows_8.1_for_x64-based_systems | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
CVSS provenance
nvdv3.05.0MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_msrc5.0HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Kernel Local Elevation of Privilege Vulnerability
vendor_msrc·2016-10-11·CVSS 5.0
CVE-2016-0073 [MEDIUM] Windows Kernel Local Elevation of Privilege Vulnerability
Windows Kernel Local Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user.
A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.
The security update addresses the vulnerability by helping to ensure that the Windows Kernel API correctly restricts access to user account information.
Windows Registry: Windows Registry
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software R
GHSA
GHSA-mgr3-87vc-vp89: The kernel in Microsoft Windows 8
ghsa_unreviewed·2022-05-14·CVSS 5.0
CVE-2016-0075 [MEDIUM] CWE-200 GHSA-mgr3-87vc-vp89: The kernel in Microsoft Windows 8
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073.
GHSA
GHSA-gx3r-rfxx-c7x6: The kernel in Microsoft Windows 8
ghsa_unreviewed·2022-05-14·CVSS 5.5
CVE-2016-0073 [MEDIUM] CWE-200 GHSA-gx3r-rfxx-c7x6: The kernel in Microsoft Windows 8
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075.
No detection rules found.
Talos
Microsoft Patch Tuesday - October 2016
blogs_talos·2016-10-11·CVSS 5.5
[MEDIUM] Microsoft Patch Tuesday - October 2016
Patch Tuesday has once again arrived! Microsoft's monthly release of security bulletins to address vulnerabilities provides fixes for 37 newly disclosed security flaws. Today's release sees a total of 10 bulletins with five of the bulletins rated critical and address vulnerabilities in Edge, Graphics Component, Internet Explorer, Video Control, and Adobe Flash Player. Four bulletins are rated important and address flaws in Office, Windows Diagnostic Hub, Windows Kernel-Mode Drivers, and Windows Registry. One bulletin is rated moderate and addresses a flaw in Microsoft Internet Messaging API.
## Bulletins Rated Critical The following bulletins are rated critical: MS16-118, MS16-119, MS16-120, MS16-122, MS16-127
MS16-118 and MS16-119 are this month's bulletins for Internet Explorer and Edg
Talos
Microsoft Patch Tuesday - October 2016
blogs_talos·2016-10-11·CVSS 5.5
[MEDIUM] Microsoft Patch Tuesday - October 2016
## Microsoft Patch Tuesday - October 2016
Patch Tuesday has once again arrived! Microsoft's monthly release of security bulletins to address vulnerabilities provides fixes for 37 newly disclosed security flaws. Today's release sees a total of 10 bulletins with five of the bulletins rated critical and address vulnerabilities in Edge, Graphics Component, Internet Explorer, Video Control, and Adobe Flash Player. Four bulletins are rated important and address flaws in Office, Windows Diagnostic Hub, Windows Kernel-Mode Drivers, and Windows Registry. One bulletin is rated moderate and addresses a flaw in Microsoft Internet Messaging API.
## Bulletins Rated Critical The following bulletins are rated critical: MS16-118, MS16-119, MS16-120, MS16-122, MS16-127
MS16-118 and MS16-119 are this mont
Zscaler
Zscaler found Multiple Security Vulnerabilities | 11-10-2016
blogs_zscaler
Zscaler found Multiple Security Vulnerabilities | 11-10-2016
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securityfocus.com/bid/93355https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-124https://www.exploit-db.com/exploits/40574/http://www.securityfocus.com/bid/93355https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-124https://www.exploit-db.com/exploits/40574/
2016-10-14
Published