Microsoft Windows 10 Kernel information disclosure

A vulnerability, which was classified as problematic, has been found in Microsoft Windows 10 (Operating System). Affected by this issue is an unknown code block of the component Kernel. Applying the patch MS16-124 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field10/12/2016 10:49 AM07/07/2019 05:45 PM09/23/2022 10:03 AM
typeOperating SystemOperating SystemOperating System
vendorMicrosoftMicrosoftMicrosoft
nameWindowsWindowsWindows
version101010
componentKernelKernelKernel
cwe200 (information disclosure)200 (information disclosure)200 (information disclosure)
risk111
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore3.43.43.4
cvss2_vuldb_avLLL
cvss2_vuldb_acLLL
cvss2_vuldb_auSSS
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_nvd_avLLL
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciPPP
cvss2_nvd_iiNNN
cvss2_nvd_aiNNN
cvss3_meta_basescore5.25.25.2
cvss3_meta_tempscore4.74.74.9
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore4.84.84.8
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prLLL
cvss3_nvd_uiRRR
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iNNN
cvss3_nvd_aNNN
date1476144000 (10/11/2016)1476144000 (10/11/2016)1476144000 (10/11/2016)
locationTechnetTechnetTechnet
typeBulletinBulletinBulletin
urlhttps://technet.microsoft.com/en-us/library/security/ms16-124.aspxhttps://technet.microsoft.com/en-us/library/security/ms16-124.aspxhttps://technet.microsoft.com/en-us/library/security/ms16-124.aspx
identifierMS16-124MS16-124MS16-124
price_0day$25k-$100k$25k-$100k$5k-$25k
namePatchPatchPatch
date1476144000 (10/11/2016)1476144000 (10/11/2016)1476144000 (10/11/2016)
patch_nameMS16-124MS16-124MS16-124
patch_urlhttps://technet.microsoft.com/en-us/library/security/ms16-124.aspxhttps://technet.microsoft.com/en-us/library/security/ms16-124.aspxhttps://technet.microsoft.com/en-us/library/security/ms16-124.aspx
cveCVE-2016-0079CVE-2016-0079CVE-2016-0079
cve_assigned1449187200 (12/04/2015)1449187200 (12/04/2015)1449187200 (12/04/2015)
cve_nvd_published147631680014763168001476316800
securityfocus933579335793357
securityfocus_titleMicrosoft Windows Kernel CVE-2016-0079 Local Privilege Escalation VulnerabilityMicrosoft Windows Kernel CVE-2016-0079 Local Privilege Escalation VulnerabilityMicrosoft Windows Kernel CVE-2016-0079 Local Privilege Escalation Vulnerability
exploitdb406084060840608
nessus_id940139401394013
nessus_nameMS16-124: Security Update for Windows Registry (3193227)MS16-124: Security Update for Windows Registry (3193227)MS16-124: Security Update for Windows Registry (3193227)
nessus_filenamesmb_nt_ms16-124.naslsmb_nt_ms16-124.naslsmb_nt_ms16-124.nasl
nessus_riskLowLowLow
nessus_familyWindows : Microsoft BulletinsWindows : Microsoft BulletinsWindows : Microsoft Bulletins
nessus_typelocallocallocal
nessus_date1476230400 (10/12/2016)1476230400 (10/12/2016)1476230400 (10/12/2016)
openvas_id802074802074802074
openvas_filenamegb_ms16-124.naslgb_ms16-124.naslgb_ms16-124.nasl
openvas_titleMicrosoft Windows Registry Multiple Vulnerabilities (3193227)Microsoft Windows Registry Multiple Vulnerabilities (3193227)Microsoft Windows Registry Multiple Vulnerabilities (3193227)
openvas_familyWindows : Microsoft BulletinsWindows : Microsoft BulletinsWindows : Microsoft Bulletins
qualys_id912889128891288
qualys_titleMicrosoft Windows Security Update for Windows Registry (MS16-124)Microsoft Windows Security Update for Windows Registry (MS16-124)Microsoft Windows Security Update for Windows Registry (MS16-124)
seealso92591 92592 9259392591 92592 9259392591 92592 92593
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_ePPP
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
cvss3_nvd_basescore5.05.05.0
discoverydate14761440001476144000
person_nameJames ForshawJames Forshaw
company_nameGoogle Project ZeroGoogle Project Zero
availability11
publicity11
urlhttps://www.exploit-db.com/exploits/40608/https://www.exploit-db.com/exploits/40608/
securityfocus_date1476144000 (10/11/2016)1476144000 (10/11/2016)
securityfocus_classUnknownUnknown
cve_nvd_summaryThe kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
cvss2_nvd_basescore2.1

Want to stay up to date on a daily basis?

Enable the mail alert feature now!