CVE-2016-0099: Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability
First published: Wed Mar 09 2016(Updated: )
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Vista | =sp2 | |
| Windows 10 | ||
| Windows 10 | =1511 | |
| Microsoft Windows RT | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/84034
- http://www.securitytracker.com/id/1035210
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-032
- https://www.exploit-db.com/exploits/39574/
- https://www.exploit-db.com/exploits/39719/
- https://www.exploit-db.com/exploits/39809/
- https://www.exploit-db.com/exploits/40107/
- https://nvd.nist.gov/vuln/detail/CVE-2016-0099
Frequently Asked Questions
What is the severity of CVE-2016-0099?
CVE-2016-0099 has a critical severity rating, indicating a high potential for exploitation.
How do I fix CVE-2016-0099?
To fix CVE-2016-0099, you should install the latest security update provided by Microsoft for the affected Windows versions.
Which systems are affected by CVE-2016-0099?
CVE-2016-0099 affects various Microsoft Windows systems, including Windows Vista, Windows 7, Windows 8.1, Windows 10, and Windows Server editions.
What attackers can achieve with CVE-2016-0099?
Exploiting CVE-2016-0099 allows local users to gain elevated privileges on the affected systems.
Is there a patch available for CVE-2016-0099?
Yes, Microsoft released patches addressing CVE-2016-0099 in their security updates.
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/severity
- agent/author
- agent/remedy
- agent/first-publish-date
- agent/references
- agent/event
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- vendor/microsoft
- canonical/microsoft windows 10
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows server/r2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2
- canonical/windows 10
- version/windows 10/1511
- canonical/microsoft windows rt
- version/microsoft windows server/r2-sp1
- canonical/microsoft windows operating system