Vulnerabilities > Microsoft > Windows Server 2016

DATE CVE VULNERABILITY TITLE RISK
2016-11-10 CVE-2016-7226 Improper Access Control vulnerability in Microsoft Windows 10 and Windows Server 2016
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-284
6.1
2016-11-10 CVE-2016-7225 Improper Access Control vulnerability in Microsoft Windows 10 and Windows Server 2016
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-284
6.1
2016-11-10 CVE-2016-7224 Improper Access Control vulnerability in Microsoft products
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-284
6.1
2016-11-10 CVE-2016-7223 Improper Access Control vulnerability in Microsoft products
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-284
6.1
2016-11-10 CVE-2016-7222 7PK - Security Features vulnerability in Microsoft Windows 10 and Windows Server 2016
Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-254
7.8
2016-11-10 CVE-2016-7221 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-11-10 CVE-2016-7218 Information Exposure vulnerability in Microsoft products
Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Bowser.sys Information Disclosure Vulnerability."
local
high complexity
microsoft CWE-200
4.7
2016-11-10 CVE-2016-7217 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Media Foundation Memory Corruption Vulnerability."
network
low complexity
microsoft CWE-119
8.8
2016-11-10 CVE-2016-7215 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-11-10 CVE-2016-7214 Information Exposure vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka "Win32k Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
3.3