Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165.
AnalysisAI
The Win32k kernel-mode driver in Windows Vista through Windows 10 allows local privilege escalation through an unspecified vulnerability in window object handling, exploited in the wild by APT groups.
Technical ContextAI
The win32k.sys vulnerability involves improper handling of window objects in the kernel-mode graphics subsystem. A crafted application can trigger a condition that allows writing to kernel memory, enabling token replacement for privilege escalation.
RemediationAI
Apply Microsoft security update MS16-039. Deploy Windows Defender Exploit Guard with ASR rules to limit win32k attack surface from sandboxed processes.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today