Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-7224Improper Access Control in Microsoft Windows 10

CWE-284Improper Access Control5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
1.1%
top 22.02%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
14
Microsoft Windows 10Microsoft Windows Server 2012Msrc Windows 10 FOR 32-bit Systems+11 more
Timeline
PublishedNov 10
Latest updateMay 14

Description

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:NExploitability: 1.8 | Impact: 4.2

Affected Packages14 packages

NVDmicrosoft/windows_101511, 1607+1

🔴Vulnerability Details

1
GHSA
GHSA-7m2h-7xmj-fm47: Virtual Hard Disk Driver in Microsoft Windows 82022-05-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - VHDMP Arbitrary Physical Disk Cloning Privilege Escalation (MS16-138)2016-11-15

📋Vendor Advisories

1
Microsoft
VHD Driver Elevation of Privilege Vulnerability2016-11-08

🕵️Threat Intelligence

1
Zscaler
Zscaler found Multiple Security Vulnerabilities | 11-08-2016