CVE-2016-7223Improper Access Control in Microsoft Windows 10

CWE-284Improper Access Control5 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.9%
top 24.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Microsoft Windows 10Microsoft Windows Server 2012Msrc Windows 10 FOR 32-bit Systems+11 more
Timeline
PublishedNov 10
Latest updateMay 14

Description

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:NExploitability: 1.8 | Impact: 4.2

Affected Packages14 packages

NVDmicrosoft/windows_101511, 1607+1

🔴Vulnerability Details

1
GHSA
GHSA-wc6j-mw43-qcm3: Virtual Hard Disk Driver in Microsoft Windows 82022-05-14

📋Vendor Advisories

1
Microsoft
VHD Driver Elevation of Privilege Vulnerability2016-11-08

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - November 20162016-11-08
Talos
Microsoft Patch Tuesday - November 20162016-11-08