CVE-2016-0040
Published: 10 February 2016
Summary
CVE-2016-0040 is a high-severity vulnerability of unspecified weakness type in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 1.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).
Deeper analysis
The vulnerability is an elevation of privilege flaw in the Windows kernel, tracked as CVE-2016-0040 and also known as the Windows Elevation of Privilege Vulnerability. It affects Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1. The issue lets a local attacker run a specially crafted application to gain higher privileges on the affected system. Its CVSS 3.1 base score of 7.8 reflects local access, low attack complexity, and high impact on confidentiality, integrity, and availability.
An attacker with the ability to run code on a vulnerable system can exploit the flaw by supplying a crafted application. Because the vector is local and requires no prior privileges, a standard user who launches the malicious application can obtain elevated rights, potentially allowing full control over the target machine.
Microsoft addressed the issue in security bulletin MS16-014, which provides patches for the listed Windows versions. The bulletin and associated SecurityTracker entries recommend applying the updates to eliminate the vulnerability. Public exploit code for the issue has been published on Exploit-DB.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-0078
Vulnerability details
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
- CWE(s)
- KEV Date Added: 28 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of the vendor patch (MS16-014) that eliminates the kernel EoP flaw.
Enforces least privilege so a successful local exploit yields minimal additional rights on the affected Windows kernel.
Mandates kernel-level access enforcement that the vulnerability bypasses when a crafted application is executed.