CVE-2016-0099
CVE-2016-0099
In short
A flaw in Windows' Secondary Logon Service allows a local user to run a specially crafted program that tricks the system into giving them higher privileges than they should have.
Technical detail
The Secondary Logon Service improperly handles request handles, enabling local privilege escalation through a crafted application. This requires local access and affects multiple Windows versions (Vista through Windows 10). The vulnerability stems from insufficient validation of handle processing, allowing an authenticated user to elevate their privileges.
Summary generated and translated by AI from the official description.
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 9
githubgithub.com/zcgonvh/MS16-032★ 82cve_referencewww.exploit-db.com/exploits/39719/unverifiedcve_referencewww.exploit-db.com/exploits/39809/unverifiedcve_referencewww.exploit-db.com/exploits/40107/unverifiedexploitdbwww.exploit-db.com/exploits/39809unverifiedexploitdbwww.exploit-db.com/exploits/40107unverifiedexploitdbwww.exploit-db.com/exploits/39719unverifiedcve_referencewww.exploit-db.com/exploits/39574/unverifiedexploitdbwww.exploit-db.com/exploits/39574unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-032https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0099https://www.exploit-db.com/exploits/39574/https://www.exploit-db.com/exploits/39719/https://www.exploit-db.com/exploits/39809/https://www.exploit-db.com/exploits/40107/http://www.securityfocus.com/bid/84034http://www.securitytracker.com/id/1035210