CVE-2016-0099 — Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability
2022-03-03 • CISA Known Exploited Vulnerability
A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Microsoft |
| Product | Windows |
| CWE | CWE-264 |
| CVE ID | CVE-2016-0099 |
| Date Added | 2022-03-03 |
| Due Date | 2022-03-24 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-03-24