What is the CVSS score of CVE-2016-7255?

CVE-2016-7255 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 89.4%.

Which versions of Microsoft are affected by CVE-2016-7255?

CVE-2016-7255 presents notable security risk rated CVSS 7.8. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2016-7255?

Yes, a public proof-of-concept exploit is available for CVE-2016-7255. Prioritise patching immediately. EPSS: 89.4%.

How to fix or mitigate CVE-2016-7255?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Vendor patch is available.

Microsoft CVE-2016-7255

HIGH

2016-11-10 secure@microsoft.com

Information Disclosure Microsoft

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 21, 2026 - 15:22 vuln.today

cvss_changed

Analysis Generated

Mar 26, 2026 - 11:18 vuln.today

Added to CISA KEV

Oct 22, 2025 - 00:15 cisa

CISA KEV

PoC Detected

Oct 22, 2025 - 00:15 vuln.today

Public exploit code

Patch released

Oct 22, 2025 - 00:15 nvd

Patch available

CVE Published

Nov 10, 2016 - 07:00 nvd

HIGH 7.8

DescriptionCVE.org

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

AnalysisAI

The Win32k kernel-mode driver in Windows Vista through Windows Server 2016 allows local privilege escalation, exploited alongside CVE-2016-7256 in targeted attacks attributed to the Strontium (APT28/Fancy Bear) group.

Technical ContextAI

The win32k.sys vulnerability allows local code execution in kernel mode through crafted application interaction with the Window Manager subsystem. The exploit was part of a multi-vulnerability attack chain used by Russian state-sponsored actors.

RemediationAI

Apply Microsoft security update MS16-135. Enable kernel exploit mitigations. Monitor for APT28/Sofacy indicators of compromise.

CVE-2016-7255 vulnerability details – vuln.today

Back

Microsoft CVE-2016-7255

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code