CVE-2016-3302

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 8.1, 10 Gold, 10 1511, 10 1607, Windows Server 2012 R2, Windows RT 8.1

Description The issue is related to the incorrect restriction of web content loading when the lock screen is enabled, allowing a local attacker to execute arbitrary code using a specially crafted Wi-Fi access point or mobile-broadband device. This can lead to an elevation of privilege.

Recommendations For Microsoft Windows versions 8.1, 10 Gold, 10 1511, 10 1607, Windows Server 2012 R2, Windows RT 8.1, consider disabling the lock screen feature until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.