CVE-2016-0151
HIGH | CISA KEV | 7.8
Description
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."
CVE Details
CVSS v3.1 score: 7.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 4/12/2016
Last modified: 4/21/2026
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Microsoft
Product: Client-Server Run-time Subsystem (CSRSS)
Vulnerability name: Microsoft Windows CSRSS Security Feature Bypass Vulnerability
Date added to KEV: 2022-03-28
Remediation due date: 2022-04-18
Ransomware use: Known
Affected products
microsoft:windows_10_1507
microsoft:windows_10_1511
microsoft:windows_8.1
microsoft:windows_rt_8.1
microsoft:windows_server_2012
Weaknesses (CWE)
CWE-269
References
http://www.securitytracker.com/id/1035544 (secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-048 (secure@microsoft.com)
https://www.exploit-db.com/exploits/39740/ (secure@microsoft.com)
http://www.securitytracker.com/id/1035544 (af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-048 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/39740/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0151 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.