CVE-2016-3352 — Improper Authorization in Microsoft Windows 10
Severity
8.8HIGHNVD
EPSS
32.9%
top 3.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 14
Latest updateMay 14
Description
Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via a brute-force attack on NTLM password hashes, aka "Microsoft Information Disclosure Vulnerability."
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9