CVE-2016-3302 — Microsoft Windows 10 vulnerability

CWE-2643 documents3 sources

Severity

6.3MEDIUMNVD

EPSS

1.2%

top 21.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Microsoft Windows Server 2012 Msrc Windows 10 FOR 32-bit Systems +9 more

Timeline

PublishedSep 14

Latest updateMay 14

Description

Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, when the lock screen is enabled, do not properly restrict the loading of web content, which allows physically proximate attackers to execute arbitrary code via a (1) crafted Wi-Fi access point or (2) crafted mobile-broadband device, aka "Windows Lock Screen Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 0.4 | Impact: 5.9

Affected Packages12 packages

▶msrcmsrc/windows_server_2012_r2

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/windows_101511, 1607+1

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5qrj-x9xq-qc4p: Microsoft Windows 8↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Windows Lock Screen Elevation of Privilege Vulnerability↗2016-09-13

▶