Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-3237Microsoft Windows 10 vulnerability

CWE-2646 documents5 sources
Severity
7.5HIGHNVD
EPSS
24.9%
top 3.83%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
15
Microsoft Windows 10Microsoft Windows Server 2008Microsoft Windows Server 2012+12 more
Timeline
PublishedAug 9
Latest updateMay 14

Description

Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle attackers to bypass authentication via vectors related to a fallback to NTLM authentication during a domain account password change, aka "Kerberos Security Feature Bypass Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages14 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-g622-x7hw-5xm2: Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 82022-05-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Kerberos - Security Feature Bypass (MS16-101)2016-09-22

📋Vendor Advisories

1
Microsoft
Kerberos Security Feature Bypass Vulnerability2016-08-09

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - August 20162016-08-09
Talos
Microsoft Patch Tuesday - August 20162016-08-09