Main Vulnerability Database Vulnerabilities #VU121

Windows file system security feature bypass in Windows and Windows Server - CVE-2016-3258

Published: July 13, 2016 / Updated: February 3, 2017

Vulnerability identifier: #VU121

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-3258

CWE-ID: CWE-229

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a local attacker to bypass certain security restrictions.

The vulnerability exists in windows kernel due to an error, which can be used to bypass file path-based checks from a low integrity application using time of check time of use (TOCTOU) issues. A local attacker can potentially modify files outside of a low integrity level application.

Successful exploitation of this vulnerability requires usage of another vulnerability, which allows to compromise the sandbox process from a low integrity application.

How to mitigate CVE-2016-3258

To resolve this vulnerability vendor recommends installing the following updates:

Windows 8.1

Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems

Windows Server 2012 and Windows Server 2012 R2

Windows Server 2012
Windows Server 2012 R2

Windows RT 8.1

Use Windows Update to obtain patch KB3172727

Windows 10

Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems

Server Core installation option

Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)

Sources

https://technet.microsoft.com/en-us/library/security/MS16-092

Windows file system security feature bypass in Windows and Windows Server - CVE-2016-3258

Detailed vulnerability description

How to mitigate CVE-2016-3258

Sources

Please verify you're human