CVE-2016-3300

EUVD-2016-4332
The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channels, which allows local users to gain privileges by leveraging access to a domain-joined machine, aka "Netlogon Elevation of Privilege Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2012
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 8.1
(x64, x86)
KB3177108
Windows RT 8.1
All
KB3177108
Windows Server 2012
Server Core
KB3177108
Standard
KB3177108
Windows Server 2012 R2
Server Core
KB3177108
Standard
KB3177108
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/92296
http://www.securitytracker.com/id/1036576
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-101
http://www.securityfocus.com/bid/92296
http://www.securitytracker.com/id/1036576
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-101