CVE-2016-3223

HIGH

Microsoft Windows - Privilege Escalation via Group Policy LDAP Authentication

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3223. PoCs published by Nabeel Ahmed.

AI-analyzed exploit summary This is a detailed technical writeup describing a privilege escalation vulnerability in Group Policy where an attacker can create a fake Domain Controller to modify local Administrator accounts via User Configuration Group Policies. The steps outline the exploitation process but do not include functional exploit code.

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain privileges by modifying group-policy update data within a domain-controller data stream, aka "Group Policy Elevation of Privilege Vulnerability."

Exploits (1)

exploitdb WRITEUP VERIFIED
by Nabeel Ahmed · textlocalwindows
https://www.exploit-db.com/exploits/40219

This is a detailed technical writeup describing a privilege escalation vulnerability in Group Policy where an attacker can create a fake Domain Controller to modify local Administrator accounts via User Configuration Group Policies. The steps outline the exploitation process but do not include functional exploit code.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Windows 7 Professional (x32/x64) with Group Policy
Auth required
Prerequisites: Standard Domain Member configuration · Valid domain user credentials · Network access to target · Fake Domain Controller setup
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036100
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40219/

Scores

CVSS v3 8.1
EPSS 0.2109
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-264
Status published
Products (10)
microsoft/windows_10
microsoft/windows_10 1511
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
microsoft/windows_vista
Published Jun 16, 2016
Tracked Since Feb 18, 2026