CVE-2016-7255
Severity: HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Analysis
The Win32k kernel-mode driver in Windows Vista through Windows Server 2016 allows local privilege escalation, exploited alongside CVE-2016-7256 in targeted attacks attributed to the Strontium (APT28/Fancy Bear) group.
Technical Context
The win32k.sys vulnerability allows local code execution in kernel mode through crafted application interaction with the Window Manager subsystem. The exploit was part of a multi-vulnerability attack chain used by Russian state-sponsored actors.
Affected Products
- Microsoft Windows Vista SP2 through Windows 10 1607
- Microsoft Windows Server 2008 SP2 through Server 2016
- Microsoft Windows RT 8.1
Remediation
Apply Microsoft security update MS16-135. Enable kernel exploit mitigations. Monitor for APT28/Sofacy indicators of compromise.