Home

CVE-2016-0151

Description

The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka Windows CSRSS Security Feature Bypass Vulnerability.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
44.069

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Edge Elevation of Privilege Vulnerability for Windows 10 for x64-based Systems (KB3147461) - CumulativeWindows
Microsoft Edge Elevation of Privilege Vulnerability for Windows 10 Version 1511 for x64-based Systems (KB3147458) - CumulativeWindows
Microsoft Edge Elevation of Privilege Vulnerability for Windows 10 Version 1511 (KB3147458) - CumulativeWindows
Windows CSRSS Security Feature Bypass Vulnerability for Windows Server 2012 (KB3146723)Windows
Windows CSRSS Security Feature Bypass Vulnerability for Windows 8.1 for x64-based Systems (KB3146723)Windows
Windows CSRSS Security Feature Bypass Vulnerability for Windows 8.1 (KB3146723)Windows
Microsoft Edge Elevation of Privilege Vulnerability for Windows 10 (KB3147461)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-20358Cumulative Update for Windows 10 for x64-based Systems (KB3147461)
PATCH-20360Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3147458)
PATCH-20359Cumulative Update for Windows 10 Version 1511 (KB3147458)
PATCH-20472Security Update for Windows Server 2012 (KB3146723) (Deployment-Only)
PATCH-20473Security Update for Windows 8.1 for x64-based Systems (KB3146723) (Deployment-Only)
PATCH-20471Security Update for Windows 8.1 (KB3146723) (Deployment-Only)
PATCH-20357Cumulative Update for Windows 10 (KB3147461)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234