The Badlock vulnerability.
Vulnerability details
Advisory: SB2016041203 - Multiple vulnerabilities in Microsoft Windows
Vulnerable component: Windows
CVE-ID: CVE-2016-0165
CVSSv3 score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Description:
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to improper handling of objects in memory by the kernel-mode driver. A local attacker can run a specially crafted program, gain elevated privileges and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability may result in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Public Exploits:
External links:
https://technet.microsoft.com/en-us/library/security/ms16-039.aspx
https://threatpost.com/fruityarmor-apt-group-used-recently-patched-windows-zero-day/121398/
http://www.networkworld.com/article/3054645/security/microsoft-rated-6-of-13-security-updates-as-cri...
https://securelist.com/blog/research/76396/windows-zero-day-exploit-used-in-targeted-attacks-by-frui...
http://www.infoworld.com/article/3055572/security/dont-let-badlock-distract-you-from-real-vulnerabil...
http://news.softpedia.com/news/microsoft-releases-critical-windows-edge-browser-office-security-upda...
https://www.infosecurity-magazine.com/news/patch-tuesday-badlock-bulletin/