Vulnerability Details : CVE-2016-7255
Public exploit exists!
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Vulnerability category: Gain privilege
Products affected by CVE-2016-7255
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*
CVE-2016-7255 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Win32k Privilege Escalation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2016-7255
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2016-7255
89.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-7255
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-10 |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-07-25 |
References for CVE-2016-7255
-
https://github.com/mwrlabs/CVE-2016-7255
GitHub - mwrlabs/CVE-2016-7255: An exploit for CVE-2016-7255 on Windows 7/8/8.1/10(pre-anniversary) 64 bitExploit;Third Party Advisory
-
https://www.exploit-db.com/exploits/40745/
Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135)Exploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/94064
Microsoft Windows Kernel 'Win32k.sys' CVE-2016-7255 Local Privilege Escalation VulnerabilityBroken Link;Third Party Advisory;VDB Entry
-
https://securingtomorrow.mcafee.com/mcafee-labs/digging-windows-kernel-privilege-escalation-vulnerability-cve-2016-7255/
Digging Into a Windows Kernel Privilege Escalation Vulnerability: CVE-2016-7255 | McAfee BlogsBroken Link
-
https://www.exploit-db.com/exploits/40823/
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Local Privilege Escalation (MS16-135) (1)Exploit;Third Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/41015/
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Local Privilege Escalation (MS16-135) (2)Exploit;Third Party Advisory;VDB Entry
-
http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/
One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild - TrendLabs Security Intelligence BlogBroken Link
-
http://www.securitytracker.com/id/1037251
Windows Kernel-Mode Drivers Multiple Flaws Let Local Users Obtain Potentially Sensitive Information, Bypass ASLR Security Restrictions, and Gain Elevated Privileges - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
Google Online Security Blog: Disclosing vulnerabilities to protect usersThird Party Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135
Microsoft Security Bulletin MS16-135 - Important | Microsoft DocsPatch;Vendor Advisory
-
http://packetstormsecurity.com/files/140468/Microsoft-Windows-Kernel-win32k.sys-NtSetWindowLongPtr-Privilege-Escalation.html
Microsoft Windows Kernel win32k.sys NtSetWindowLongPtr Privilege Escalation ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to