Vulnerability Details: CVE-2016-7255
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Vulnerability category: Gain privilege
CVE-2016-7255 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Microsoft Win32k Privilege Escalation Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
Added on: 2021-11-03
Action due date: 2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2016-7255
Probability of exploitation activity in the next 30 days: 0.64%
Percentile, the proportion of vulnerabilities that are scored at or less: ~78%
CVSS scores for CVE-2016-7255
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST |
CWE ids for CVE-2016-7255
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7255
- https://github.com/mwrlabs/CVE-2016-7255
  GitHub - mwrlabs/CVE-2016-7255: An exploit for CVE-2016-7255 on Windows 7/8/8.1/10(pre-anniversary) 64 bit
- https://www.exploit-db.com/exploits/40745/
  Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135)
- http://www.securityfocus.com/bid/94064
  Microsoft Windows Kernel 'Win32k.sys' CVE-2016-7255 Local Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)
- https://securingtomorrow.mcafee.com/mcafee-labs/digging-windows-kernel-privilege-escalation-vulnerability-cve-2016-7255/
  Digging Into a Windows Kernel Privilege Escalation Vulnerability: CVE-2016-7255 | McAfee Blogs
- https://www.exploit-db.com/exploits/40823/
  Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Local Privilege Escalation (MS16-135) (1) (Exploit; Third Party Advisory; VDB Entry)
- https://www.exploit-db.com/exploits/41015/
  Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Local Privilege Escalation (MS16-135) (2)
- http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/
  One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild - TrendLabs Security Intelligence Blog
- http://www.securitytracker.com/id/1037251
  Windows Kernel-Mode Drivers Multiple Flaws Let Local Users Obtain Potentially Sensitive Information, Bypass ASLR Security Restrictions, and Gain Elevated Privileges - SecurityTracker
- https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
  Google Online Security Blog: Disclosing vulnerabilities to protect users (Third Party Advisory)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135
  Microsoft Security Bulletin MS16-135 - Important | Microsoft Docs
- http://packetstormsecurity.com/files/140468/Microsoft-Windows-Kernel-win32k.sys-NtSetWindowLongPtr-Privilege-Escalation.html
  Microsoft Windows Kernel win32k.sys NtSetWindowLongPtr Privilege Escalation ≈ Packet Storm
Products affected by CVE-2016-7255
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*