CVE-2016-0099

Published: 09/03/2016 Updated: 12/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 741
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

Vulnerable Product

microsoft windows vista

microsoft windows 8.1 -

microsoft windows 10 -

microsoft windows server 2012 r2

microsoft windows 7 -

microsoft windows server 2008

microsoft windows server 2012 -

microsoft windows 10 1511

microsoft windows server 2008 r2

microsoft windows rt 8.1 -

Exploits

This Metasploit module exploits the lack of sanitization of standard handles in Windows' Secondary Logon Service. The vulnerability is known to affect versions of Windows 7-10 and 2k8-2k12 32 and 64 bit. This Metasploit module will only work against those versions of Windows with PowerShell 2.0 or later and systems with two or more CPU cores. ...
/* Sources: bugs.chromium.org/p/project-zero/issues/detail?id=687 googleprojectzero.blogspot.ca/2016/03/exploiting-leaked-thread-handle.html Windows: Secondary Logon Standard Handles Missing Sanitization EoP Platform: Windows 8.1, Windows 10, not testing on Windows 7 Class: Elevation of Privilege Summary: The SecLogon service doe ...
# Exploit Title: Microsoft Windows 7-10 & Server 2008-2012 - Local Privilege Escalation (x32/x64) (MS16-032) (C#) # Date: 2016-04-25 # Author: @fdiskyou # e-mail: rui at deniable.org # Original exploit: www.exploit-db.com/exploits/39719/ # All credits go to @FuzzySec # C# version with @FuzzySec powershell code which does not rely on po ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core' require 'msf/core/payload_generator' require 'msf/core/exploit/powershell' require 'rex' class MetasploitModule < Msf::Exploit::Local Rank = NormalRanking include Msf::Exploit::Powers ...
function Invoke-MS16-032 { <# .SYNOPSIS PowerShell implementation of MS16-032. The exploit targets all vulnerable operating systems that support PowerShell v2+. Credit for the discovery of the bug and the logic to exploit it go to James Forshaw (@tiraniddo). Targets: * Win7-Win10 & 2k8-2k12 <== 32/64 bit ...

Github Repositories

MS16-032(CVE-2016-0099) for SERVICE ONLY

MS16-032(CVE-2016-0099) for SERVICE ONLY. This exploit can only be used on SERVICE do logical exploit, on logical exploits

OSCP Cheat Sheets Windows Preparation for OSCP gist.github.com/m8r0wn/b6654989035af20a1cb777b61fbc29bf 0xsp.com/offensive/privilege-escalation-cheatsheet pentesting.zeyu2001.com/proving-grounds/get-to-work/nickel github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md \ http

Recent Articles

On the trail of the XMRig miner
Securelist • Anton Kuzmenko • 22 Oct 2020

As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected during our analysis of the open source miner XMRig. Alongside well-known groups that make money from data theft and ransomware (for example, Maze, which is suspected of the recent attacks on SK Hynix and LG Electronics), many would-be attackers are attracted by the high-profile successes of cybercri...