CVE-2016-3368
Published: 2016-09-14
CVE-2016-3368: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10…
Priority: P2 · 62 · high · 8.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 18.33% (96.9th percentile)
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote authenticated users to execute arbitrary code by leveraging a domain account to make a crafted request, aka "Windows Remote Code Execution Vulnerability."
Affected (16 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_vista_service_pack_2 | — | — |
| msrc | windows_vista_x64_edition_service_pack_2 | — | — |
Detection & IOCs
- Exploitation requires a domain user account to send a specially crafted request to a Windows host; monitor for anomalous authenticated RPC/LDAP/SMB requests from domain accounts targeting Windows systems, particularly those that result in execution with elevated privileges.
- The vulnerability is triggered through Windows object handling in memory; monitor for unexpected spawning of privileged processes following inbound authenticated network requests on domain-joined Windows systems.
- Affected platforms span Vista SP2 through Windows 10 1607 and Server 2008 through 2012 R2; prioritize detection on unpatched systems missing KB3184471, KB3185611, KB3193494, KB3185614, or KB3189866.
- At the time of the advisory the exploit status was Publicly Disclosed: No, Exploited: No, and exploitation was assessed as 'Less Likely' for both the latest and older software releases; this reduces urgency but does not eliminate risk.
- No concrete IOCs (hashes, IPs, domains, signatures) are present in the available sources; detection must rely on behavioral indicators (domain-authenticated crafted requests leading to elevated code execution) rather than static indicators.
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vendor_msrc | — | 7.5 | HIGH | — |
GHSA
GHSA-vm3g-wh7w-xc8p: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
Source: ghsa_unreviewed · 2022-05-14 · CVE-2016-3368 · HIGH · CWE-119
Microsoft
Windows Remote Code Execution Vulnerability
Source: vendor_msrc · 2016-09-13 · CVE-2016-3368 · HIGH · CVSS 7.5
Description: A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system.
To exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions.
The security update addresses the vulnerability by correcting how Windows handles objects in memory.
Product: Microsoft Windows
Vendor: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older S
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://www.securityfocus.com/bid/92847
- http://www.securitytracker.com/id/1036798
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-110