CVE-2016-0099

CVE Database · CVE-2016-0099

CVE-2016-0099

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

37.16%

Published

Mar 9, 2016

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-24

Apply updates per vendor instructions.

Public PoC / Exploit (6)

All weaponized →

Exploit-DBMicrosoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032)Exploit-DBMicrosoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) (Metasploit)Exploit-DBMicrosoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Local Privilege Escalation (MS16-032) (PowerShell)Exploit-DBMicrosoft Windows 8.1/10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)TrickestTrickest PoC index GitHub PoCzcgonvh/MS16-032★82

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-120CWE-120

Affected Products (9)

microsoft · windows_10_1507vulnerable

microsoft · windows_10_1511vulnerable

microsoft · windows_7vulnerable

microsoft · windows_8.1vulnerable

microsoft · windows_server_2008vulnerable

microsoft · windows_server_2012vulnerable

microsoft · windows_vistavulnerable