Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-7225 — Improper Access Control in Microsoft Windows 10

CWE-284 — Improper Access Control4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

1.1%

top 22.02%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 10 Msrc Windows 10 FOR 32-bit Systems Msrc Windows 10 FOR X64-based Systems +5 more

Timeline

PublishedNov 10

Latest updateMay 14

Description

Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:NExploitability: 1.8 | Impact: 4.2

Affected Packages8 packages

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

▶msrcmsrc/windows_10_version_1511_for_x64-based_systems

▶msrcmsrc/windows_10_version_1607_for_x64-based_systems

🔴Vulnerability Details

GHSA

GHSA-892j-hh7c-chxx: Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local use↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - VHDMP ZwDeleteFile Arbitrary File Deletion Privilege Escalation (MS16-138)↗2016-11-15

▶

📋Vendor Advisories

Microsoft

VHD Driver Elevation of Privilege Vulnerability↗2016-11-08

▶