CVE-2016-7223

MEDIUM

Microsoft Windows 10 - Improper Access Control

Title source: rule

Description

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

References (3)

Scores

CVSS v3 6.1
EPSS 0.0091
EPSS Percentile 75.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Classification

CWE
CWE-284
Status published

Affected Products (9)

microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2012
microsoft/windows_server_2012
microsoft/windows_server_2016
n/a/n/a

Timeline

Published Nov 10, 2016
Tracked Since Feb 18, 2026