CVE-2016-3352
Published 2016-09-14
Priority: P3 · CVSS 3.0: 8.8 (high)
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 20.79% (97.2nd percentile)
Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via a brute-force attack on NTLM password hashes, aka "Microsoft Information Disclosure Vulnerability."
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_8.1_for_32-bit_systems | — | — |
| msrc | windows_8.1_for_x64-based_systems | — | — |
| msrc | windows_rt_8.1 | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vendor_msrc | — | 6.5 | MEDIUM | — |
GHSA
GHSA-j53r-gx3g-g877: Microsoft Windows 8
ghsa_unreviewed · 2022-05-14 · HIGH · CWE-285
Description identical to the summary above.
Microsoft
Windows Information Disclosure Vulnerability
vendor_msrc · 2016-09-13 · CVSS 6.5
Description: An information disclosure vulnerability exists when Windows fails to properly validate NT LAN Manager (NTLM) Single Sign-On (SSO) requests during Microsoft Account (MSA) login sessions. An attacker who successfully exploited the vulnerability could attempt to brute force a user’s NTLM password hash.
To exploit the vulnerability, an attacker would have to trick a user into browsing to a malicious website, or to an SMB or UNC path destination, or convince a user to load a malicious document that initiates an NTLM SSO validation request without the consent of the user.
To validate MSA NTLM SSO authentication requests properly, it is imperative that Windows client operating system firewall profiles and enterprise perimeter firewalls ar
No detection rules found.
No public exploits indexed.
Qualys
Large Microsoft Patch Tuesday Update for September 2016 | Qualys
blogs_qualys · 2016-09-13 · CVSS 8.8
It's September 2016 Patch Tuesday, and Microsoft has released 14 security bulletins that affect a host of components including desktop operating systems, servers, browsers, Exchange Server, Silverlight, SMBv1 and several others. It's a large update that will keep desktop as well as server administrators busy. Seven updates are rated as critical, while the other seven are rated as important. One 0-day vulnerability, CVE-2016-3352, which was publicly disclosed earlier, is also patched in the MS16-110 bulletin.
## Desktop
On the desktop side top priority goes to Browsers and Microsoft Office. This includes Cumulative Security Update for Internet Explorer (MS16-104) which affects IE 9 to 11 and Cumulative Security Update for Microsoft Edge (MS16-105) which only affects Windows 10 platforms.
References
http://www.securityfocus.com/bid/92852
http://www.securitytracker.com/id/1036798
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-110