Microsoft Windows 10 Diagnostics Hub access control

A vulnerability, which was classified as critical, was found in Microsoft Windows 10 (Operating System). This affects some unknown processing of the component Diagnostics Hub. Applying the patch MS16-125 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field10/12/2016 10:54 AM05/07/2019 08:39 PM09/23/2022 10:07 AM
typeOperating SystemOperating SystemOperating System
vendorMicrosoftMicrosoftMicrosoft
nameWindowsWindowsWindows
version101010
componentDiagnostics HubDiagnostics HubDiagnostics Hub
cwe264 (access control)264 (access control)264 (access control)
risk222
cvss2_vuldb_basescore6.56.56.5
cvss2_vuldb_tempscore5.15.15.1
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auSSS
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_nvd_avLLL
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciCCC
cvss2_nvd_iiCCC
cvss2_nvd_aiCCC
cvss3_meta_basescore7.87.87.8
cvss3_meta_tempscore7.07.07.4
cvss3_vuldb_basescore7.87.87.8
cvss3_vuldb_tempscore7.07.07.0
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prLLL
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1476144000 (10/11/2016)1476144000 (10/11/2016)1476144000 (10/11/2016)
locationTechnetTechnetTechnet
typeBulletinBulletinBulletin
urlhttps://technet.microsoft.com/en-us/library/security/ms16-125.aspxhttps://technet.microsoft.com/en-us/library/security/ms16-125.aspxhttps://technet.microsoft.com/en-us/library/security/ms16-125.aspx
identifierMS16-125MS16-125MS16-125
price_0day$25k-$100k$25k-$100k$25k-$100k
namePatchPatchPatch
date1476144000 (10/11/2016)1476144000 (10/11/2016)1476144000 (10/11/2016)
patch_nameMS16-125MS16-125MS16-125
patch_urlhttps://technet.microsoft.com/en-us/library/security/ms16-125.aspxhttps://technet.microsoft.com/en-us/library/security/ms16-125.aspxhttps://technet.microsoft.com/en-us/library/security/ms16-125.aspx
cveCVE-2016-7188CVE-2016-7188CVE-2016-7188
cve_nvd_published147631680014763168001476316800
securityfocus933599335993359
securityfocus_titleMicrosoft Windows Diagnostics Hub CVE-2016-7188 Local Privilege Escalation VulnerabilityMicrosoft Windows Diagnostics Hub CVE-2016-7188 Local Privilege Escalation VulnerabilityMicrosoft Windows Diagnostics Hub CVE-2016-7188 Local Privilege Escalation Vulnerability
exploitdb405624056240562
nessus_id940089400894008
nessus_nameMS16-125: Security Update for Windows Diagnostic Hub (3193229)MS16-125: Security Update for Windows Diagnostic Hub (3193229)MS16-125: Security Update for Windows Diagnostic Hub (3193229)
nessus_filenamesmb_nt_ms16-125.naslsmb_nt_ms16-125.naslsmb_nt_ms16-125.nasl
nessus_riskHighHighHigh
nessus_familyWindows : Microsoft BulletinsWindows : Microsoft BulletinsWindows : Microsoft Bulletins
nessus_typelocallocallocal
nessus_date1476230400 (10/12/2016)1476230400 (10/12/2016)1476230400 (10/12/2016)
openvas_id802074802074802074
openvas_filenamegb_ms16-125.naslgb_ms16-125.naslgb_ms16-125.nasl
openvas_titleMicrosoft Windows Diagnostics Hub Privilege Elevation Vulnerability (3193229)Microsoft Windows Diagnostics Hub Privilege Elevation Vulnerability (3193229)Microsoft Windows Diagnostics Hub Privilege Elevation Vulnerability (3193229)
openvas_familyWindows : Microsoft BulletinsWindows : Microsoft BulletinsWindows : Microsoft Bulletins
seealso879528795287952
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_ePPP
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
cvss3_nvd_basescore7.87.87.8
cvss3_vuldb_avLL
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
person_nameJames ForshawJames Forshaw
company_nameGoogle Project ZeroGoogle Project Zero
availability11
publicity11
urlhttps://www.exploit-db.com/exploits/40562/https://www.exploit-db.com/exploits/40562/
cve_assigned1473379200 (09/09/2016)1473379200 (09/09/2016)
securityfocus_date1476144000 (10/11/2016)1476144000 (10/11/2016)
securityfocus_classUnknownUnknown
sectracker1036997
cve_nvd_summaryThe Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability."
cvss2_nvd_basescore7.2

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!