CVE-2016-0075
published 2016-10-14
CVE-2016-0075: The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges…
Priority P337 · medium · 5.5 · CVSS 3.0
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 6.88% (93.3th percentile)
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2012 | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_8.1_for_32-bit_systems | — | — |
| msrc | windows_8.1_for_x64-based_systems | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
CVSS provenance
nvd · v3.0 · 5.5 MEDIUM · CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd · v2.0 · 2.1 LOW · AV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_msrc · 5.5 · HIGH
GHSA
GHSA-mgr3-87vc-vp89: The kernel in Microsoft Windows 8
ghsa_unreviewed·2022-05-14·CVSS 5.0
CVE-2016-0075 [MEDIUM] CWE-200 GHSA-mgr3-87vc-vp89: The kernel in Microsoft Windows 8
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073.
GHSA
GHSA-gx3r-rfxx-c7x6: The kernel in Microsoft Windows 8
ghsa_unreviewed·2022-05-14·CVSS 5.5
CVE-2016-0073 [MEDIUM] CWE-200 GHSA-gx3r-rfxx-c7x6: The kernel in Microsoft Windows 8
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075.
Microsoft
Windows Kernel Local Elevation of Privilege Vulnerability
vendor_msrc·2016-10-11·CVSS 5.5
CVE-2016-0075 [MEDIUM] Windows Kernel Local Elevation of Privilege Vulnerability
Windows Kernel Local Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user.
A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.
The security update addresses the vulnerability by helping to ensure that the Windows Kernel API correctly restricts access to user account information.
Windows Registry: Windows Registry
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software R
No detection rules found.
Exploit-DB
Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135)
exploitdb·2016-11-09·CVSS 7.8
CVE-2016-7255 [HIGH] Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135)
Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135)
---
/*
Source: https://github.com/tinysec/public/tree/master/CVE-2016-7255
Full Proof of Concept:
https://github.com/tinysec/public/tree/master/CVE-2016-7255
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40745.zip
Created: 2016-11-09 14:23:09
Filename: main.c
Author: root[at]TinySec.net
Version 0.0.0.1
Purpose: poc of cve-2016-0075
*/
#include
#include
#include
#include
//////////////////////////////////////////////////////////////////////////
#pragma comment(lib,"ntdll.lib")
#pragma comment(lib,"user32.lib")
#undef DbgPrint
ULONG __cdecl DbgPrintEx( IN ULONG ComponentId, IN ULONG Level, IN PCCH Format, IN ... );
ULONG __cdecl DbgPrint(__in char* Format, ...)
{
CHAR* pszDbgBuff = NU
Exploit-DB
Microsoft Windows - DeviceApi CMApi PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124)
exploitdb·2016-10-18
CVE-2016-0075 Microsoft Windows - DeviceApi CMApi PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124)
Microsoft Windows - DeviceApi CMApi PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124)
---
/*
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=872
Windows: DeviceApi CMApi PiCMOpenClassKey Arbitrary Registry Key Write EoP
Platform: Windows 10 10586 not tested 8.1 Update 2 or Windows 7
Class: Elevation of Privilege
Summary:
The DeviceApi CMApi PiCMOpenClassKey IOCTL allows a normal user to create arbitrary registry keys in the system hive leading to elevation of privilege.
Description:
The DeviceApi is a driver implemented inside the kernel which exposes a number of devices. One of those is CMApi which presumably is short for configuration manager API as it primarily exposes device configuration from the registry to the caller. The device e
Talos
Microsoft Patch Tuesday - October 2016
blogs_talos·2016-10-11·CVSS 5.5
[MEDIUM] Microsoft Patch Tuesday - October 2016
Patch Tuesday has once again arrived! Microsoft's monthly release of security bulletins to address vulnerabilities provides fixes for 37 newly disclosed security flaws. Today's release sees a total of 10 bulletins with five of the bulletins rated critical and address vulnerabilities in Edge, Graphics Component, Internet Explorer, Video Control, and Adobe Flash Player. Four bulletins are rated important and address flaws in Office, Windows Diagnostic Hub, Windows Kernel-Mode Drivers, and Windows Registry. One bulletin is rated moderate and addresses a flaw in Microsoft Internet Messaging API.
## Bulletins Rated Critical
The following bulletins are rated critical: MS16-118, MS16-119, MS16-120, MS16-122, MS16-127
MS16-118 and MS16-119 are this month's bulletins for Internet Explorer and Edg
Zscaler
Zscaler found Multiple Security Vulnerabilities | 11-10-2016
blogs_zscaler
Zscaler found Multiple Security Vulnerabilities | 11-10-2016
Bugzilla
CVE-2016-4383 openstack-glance: glance-manage db purge breaks image immutability expectation
bugzilla·2017-06-29·CVSS 8.4
CVE-2016-4383 [HIGH] CVE-2016-4383 openstack-glance: glance-manage db purge breaks image immutability expectation
CVE-2016-4383 openstack-glance: glance-manage db purge breaks image immutability expectation
The glance-manage db in openstack-glance allows deleted image IDs to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.
References:
https://bugs.launchpad.net/glance/+bug/1593799/
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05273584
Discussion:
Created openstack-glance tracking bugs for this issue:
Affects: openstack-rdo [bug 1466324]
---
The OSSN is here (with mitigation): https://wiki.openstack.org/wiki/OSSN/OSSN-0075
---
Mitigation:
For this flaw to be exploited, both non-admin image upload must be permitted and records of deleted IDs must have been purged from the openstac
http://www.securityfocus.com/bid/93356
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-124
https://www.exploit-db.com/exploits/40573/