CVE-2016-0099NVD

Vulnerability Summary

The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

Severity Level

HIGH(7.8)

Published Date

Mar 9, 2016

Last Modified

Apr 22, 2026

Exploitation Status

????

EPSS Score (30-Day)

90.44%Probability

Root Weakness (CWE)

CWE-120: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

http://www.securityfocus.com/bid/84034
http://www.securitytracker.com/id/1035210
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-032
https://www.exploit-db.com/exploits/39574/
https://www.exploit-db.com/exploits/39719/
https://www.exploit-db.com/exploits/39809/
https://www.exploit-db.com/exploits/40107/
http://www.securityfocus.com/bid/84034
http://www.securitytracker.com/id/1035210
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-032
https://www.exploit-db.com/exploits/39574/
https://www.exploit-db.com/exploits/39719/
https://www.exploit-db.com/exploits/39809/
https://www.exploit-db.com/exploits/40107/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0099

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2016-0099NVD

Vulnerability Summary

External References