Cyber Resilience

CVE-2016-0167

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 12 April 2016
Modified: 22 April 2026
KEV Added: 03 November 2021
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.1000 (93.2th percentile)
Risk Priority: 42 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2016-0167 is a high-severity vulnerability, with an unspecified weakness type, in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 6.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

The vulnerability CVE-2016-0167 resides in the kernel-mode driver component of Microsoft Windows, specifically identified as a Win32k elevation of privilege flaw. It affects Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511. The issue permits local users to gain elevated privileges by supplying a crafted application and is distinct from the related flaws CVE-2016-0143 and CVE-2016-0165.

An attacker who can execute code locally on an affected system, such as through a malicious application run by a standard user, can leverage the flaw to obtain higher privileges. The CVSS 7.8 rating indicates a local attack vector with low complexity that requires user interaction but can result in full confidentiality, integrity, and availability impact.

Microsoft security bulletin MS16-039 addresses the issue with available patches for the listed Windows versions and includes mitigation recommendations for administrators.


Vulnerability details

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
microsoft | windows 10 1507 | all versions
microsoft | windows 10 1511 | all versions
microsoft | windows 7 | all versions
microsoft | windows 8.1 | all versions
microsoft | windows rt 8.1 | all versions
microsoft | windows server 2008 | all versions, r2
microsoft | windows server 2012 | all versions, r2
microsoft | windows vista | all versions

Mitigating Controls (NIST 800-53 r5)

Prevent: Least privilege directly blocks the crafted application from obtaining unauthorized kernel-level elevation.

Prevent: Access enforcement mechanisms in the kernel would reject the unauthorized privilege escalation attempted via the Win32k flaw.

Prevent: Timely installation of the MS16-039 patches eliminates the vulnerable kernel-mode driver code before exploitation.
