PT-2016-2933 · Microsoft · Windows Server 2016+2

Published

2016-11-08

Updated

2018-10-12

CVE-2016-7226

CVSS v3.1

6.1

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions Windows 10 versions 1511 through 1607 Windows Server 2016

Description The issue is caused by incorrect access restriction to files in the virtual hard disk driver of the Windows operating system. This allows a local attacker to gain elevated privileges using a specially crafted application.

Recommendations For Windows 10 versions 1511 through 1607, update to a version that includes the fix for this issue. For Windows Server 2016, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the virtual hard disk driver to minimize the risk of exploitation.

Exploit

Fix

LPE

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2016-02364

CVE-2016-7226

Affected Products

Windows

Windows 10

Windows Server 2016

PT-2016-2933 · Microsoft · Windows Server 2016+2

CVE-2016-7226

Weakness Enumeration

Related Identifiers

Affected Products

References · 10