CVE-2016-0167
Published: 12 April 2016
Summary
CVE-2016-0167 is a high-severity vulnerability, with an unspecified weakness type, in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 6.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
The vulnerability CVE-2016-0167 resides in the kernel-mode driver component of Microsoft Windows, specifically identified as a Win32k elevation of privilege flaw. It affects Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511. The issue permits local users to gain elevated privileges by supplying a crafted application and is distinct from the related flaws CVE-2016-0143 and CVE-2016-0165.
An attacker who can execute code locally on an affected system, such as through a malicious application run by a standard user, can leverage the flaw to obtain higher privileges. The CVSS 7.8 rating indicates a local attack vector with low complexity that requires user interaction but can result in full confidentiality, integrity, and availability impact.
Microsoft security bulletin MS16-039 addresses the issue with available patches for the listed Windows versions and includes mitigation recommendations for administrators.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-0205
Vulnerability details
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165.
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Least privilege directly blocks the crafted application from obtaining unauthorized kernel-level elevation.
Access enforcement mechanisms in the kernel would reject the unauthorized privilege escalation attempted via the Win32k flaw.
Timely installation of the MS16-039 patches eliminates the vulnerable kernel-mode driver code before exploitation.