Vulnerability Description
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 1507 | - |
| Microsoft | Windows 10 1511 | - |
| Microsoft | Windows 8.1 | - |
| Microsoft | Windows Rt 8.1 | - |
| Microsoft | Windows Server 2012 | - |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1035544Broken LinkThird Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-04PatchVendor Advisory
- https://www.exploit-db.com/exploits/39740/ExploitThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1035544Broken LinkThird Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-04PatchVendor Advisory
- https://www.exploit-db.com/exploits/39740/ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-US Government Resource
FAQ
What is CVE-2016-0151?
CVE-2016-0151 is a vulnerability with a CVSS score of 7.8 (HIGH). The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users...
How severe is CVE-2016-0151?
CVE-2016-0151 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-0151?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10 1507, Microsoft Windows 10 1511, Microsoft Windows 8.1, Microsoft Windows Rt 8.1, Microsoft Windows Server 2012.