CVE-2016-3258

MEDIUM

Microsoft Windows 10 - Race Condition

Title source: rule

Description

Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System Security Feature Bypass."

References (3)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036289

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91606

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-092

Scores

CVSS v3 4.7

EPSS 0.0022

EPSS Percentile 44.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-362 CWE-264

Status draft

Affected Products (6)

microsoft/windows_10

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2012

Timeline

Published Jul 13, 2016

Tracked Since Feb 18, 2026