Vulnerability Description
Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via a brute-force attack on NTLM password hashes, aka "Microsoft Information Disclosure Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 | - |
| Microsoft | Windows 8.1 | All versions |
| Microsoft | Windows RT 8.1 | All versions |
References
- http://www.securityfocus.com/bid/92852
- http://www.securitytracker.com/id/1036798
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-11
FAQ
What is CVE-2016-3352?
CVE-2016-3352 is a vulnerability with a CVSS score of 8.8 (HIGH). Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via...
How severe is CVE-2016-3352?
CVE-2016-3352 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-3352?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10, Microsoft Windows 8.1, Microsoft Windows RT 8.1.