CVE-2016-3300

Опубликовано: 09 авг. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channels, which allows local users to gain privileges by leveraging access to a domain-joined machine, aka "Netlogon Elevation of Privilege Vulnerability."

Ссылки

http://www.securityfocus.com/bid/92296
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036576
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-101
Patch
Vendor Advisory
http://www.securityfocus.com/bid/92296
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036576
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-101
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01741

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2016-3300

CVSS3: 6.8

msrc

почти 9 лет назад

NetLogon Elevation of Privilege Vulnerability

GHSA-fp3f-j2qm-7hhj