⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-04-18.

CVE-2016-0151Improper Privilege Management in Microsoft Windows Server 2012

CWE-269Improper Privilege ManagementCWE-2647 documents7 sources
Severity
7.8HIGHNVD
EPSS
44.1%
top 2.45%
CISA KEV
KEVRansomware
Added 2022-03-28
Due 2022-04-18
Exploit
Exploited in wild
Active exploitation observed
Affected products
10
Microsoft Windows Server 2012Msrc Windows 10 FOR 32-bit SystemsMsrc Windows 10 FOR X64-based Systems+7 more
Timeline
PublishedApr 12
KEV addedMar 28
KEV dueApr 18
Latest updateMay 14
CISA Required Action: Apply updates per vendor instructions.

Description

The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-m2mf-9mv6-9g77: The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 82022-05-14
VulnCheck
Microsoft Windows CSRSS Security Feature Bypass Vulnerability2016

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation (MS16-048)2016-04-27

📋Vendor Advisories

2
CISA
Microsoft Windows CSRSS Security Feature Bypass Vulnerability2022-03-28
Microsoft
Windows CSRSS Security Feature Bypass Vulnerability2016-04-12

🕵️Threat Intelligence

1
Zscaler
Zscaler found Multiple Security Vulnerabilities | 04-12-2016