Vulnerability Description
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 1507 | - |
| Microsoft | Windows 10 1511 | - |
| Microsoft | Windows 7 | - |
| Microsoft | Windows 8.1 | - |
| Microsoft | Windows Server 2008 | - |
| Microsoft | Windows Server 2012 | - |
| Microsoft | Windows Vista | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/84034Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1035210Broken LinkThird Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-03PatchVendor Advisory
- https://www.exploit-db.com/exploits/39574/ExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/39719/ExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/39809/ExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/40107/ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/84034Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1035210Broken LinkThird Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-03PatchVendor Advisory
- https://www.exploit-db.com/exploits/39574/ExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/39719/ExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/39809/ExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/40107/ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-US Government Resource
FAQ
What is CVE-2016-0099?
CVE-2016-0099 is a vulnerability with a CVSS score of 7.8 (HIGH). The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 151...
How severe is CVE-2016-0099?
CVE-2016-0099 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-0099?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10 1507, Microsoft Windows 10 1511, Microsoft Windows 7, Microsoft Windows 8.1, Microsoft Windows Server 2008.