CVE-2016-3300Microsoft Windows Server 2012 vulnerability

CWE-2645 documents4 sources
Severity
7.8HIGHNVD
EPSS
2.1%
top 15.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Microsoft Windows Server 2012Msrc Windows 8.1 FOR 32-bit SystemsMsrc Windows 8.1 FOR X64-based Systems+3 more
Timeline
PublishedAug 9
Latest updateMay 14

Description

The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channels, which allows local users to gain privileges by leveraging access to a domain-joined machine, aka "Netlogon Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-fp3f-j2qm-7hhj: The Netlogon service in Microsoft Windows 82022-05-14

📋Vendor Advisories

1
Microsoft
NetLogon Elevation of Privilege Vulnerability2016-08-09

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - August 20162016-08-09
Talos
Microsoft Patch Tuesday - August 20162016-08-09