CVE-2016-0099

HIGH KEV RANSOMWARE

MS16-032 Secondary Logon Handle Privilege Escalation

Title source: metasploit

Description

The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

Exploits (7)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/40107

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by fdiskyou · localwindows

https://www.exploit-db.com/exploits/39809

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by b33f · powershelllocalwindows

https://www.exploit-db.com/exploits/39719

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Google Security Research · localwindows_x86

https://www.exploit-db.com/exploits/39574

View Code ZIP pw:eip

nomisec WORKING POC 83 stars

by zcgonvh · local

https://github.com/zcgonvh/MS16-032

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by James Forshaw, b33f · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ms16_032_secondary_logon_handle_privesc.rb

View Code ZIP pw:eip

patchapalooza WRITEUP

by Ascotbe · local

https://github.com/Ascotbe/Kernelhub

View Code ZIP pw:eip

References (8)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/84034

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035210

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-032

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39574/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39719/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39809/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/40107/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0099

Scores

CVSS v3 7.8

EPSS 0.9043

EPSS Percentile 99.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-03

VulnCheck KEV 2018-06-01

InTheWild.io 2022-03-03

ENISA EUVD EUVD-2016-0137

Ransomware Use Confirmed

CWE

CWE-120

Status published

Products (9)

microsoft/windows_10_1507

microsoft/windows_10_1511

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

microsoft/windows_vista

Published Mar 09, 2016

KEV Added Mar 03, 2022

Tracked Since Feb 18, 2026