⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-03-24.
CVE-2016-0099 — Classic Buffer Overflow in Microsoft Windows Server 2008
Severity
7.8HIGHNVD
EPSS
90.4%
top 0.39%
CISA KEV
KEVRansomware
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMar 9
KEV addedMar 3
KEV dueMar 24
Latest updateMay 1
CISA Required Action: Apply updates per vendor instructions.
Description
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages1 packages
Patches
🔴Vulnerability Details
2💥Exploits & PoCs
5Exploit-DB▶
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) (Metasploit)↗2016-07-13
Exploit-DB
▶
Exploit-DB▶
Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Local Privilege Escalation (MS16-032) (PowerShell)↗2016-04-21
Exploit-DB▶
Microsoft Windows 8.1/10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)↗2016-03-21