CVE-2016-3309 – Microsoft / Windows – Privilege escalation

December 20, 2021

CVE-2016-3309 is an improper access control vulnerability impacting multiple products and versions of Microsoft Windows. An exploit was observed in open source and subsequently shared in the underground. Additionally, a walk-through demo of an exploit was shared via Vimeo.

Summary:

CVE-2016-3309 is an improper access control vulnerability impacting multiple products and versions of Microsoft Windows. An exploit was observed in open source and subsequently shared in the underground. Additionally, a walk-through demo of an exploit was shared via Vimeo.

PoC Links(if available):

GitHub commit exploit –
https://github.com/siberas/CVE-2016-3309_Reloaded

Known Counter Measures:

Microsoft addressed the vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.

Links to patches(if available)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-098

You may have missed

news

Bank of England U-Turns on Critical Third Party Vulnerability Disclosure Rules

November 15, 2024
news

Sitting Ducks DNS Attacks Threaten Over 1 Million Global Domains

November 15, 2024
news

API Security Threats: 83% of Companies Experience Security Incidents

November 15, 2024
news

Microsoft Power Pages: Misconfiguration Risks and Data Exposure

November 15, 2024
news

Telecom Hack Exposes US Officials: Chinese Espionage Campaign Unveiled

November 15, 2024