Endpoint Vulnerability

Microsoft: Windows NTLM Elevation of Privilege Vulnerability

Description

A local elevation of privilege vulnerability exists when Windows fails to properly handle NTLM password change requests. An attacker who successfully exploited this vulnerability could elevate the attacker's permissions from unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. The attacker could subsequently attempt to elevate privilege by locally executing a specially crafted application designed to manipulate NTLM authentication requests. The update addresses the vulnerability by updating Windows NTLM to harden the password change cache.

Affected Products

Windows RT 8.1,Windows Vista x64 Edition Service Pack 2,Windows Server 2016,Windows Server 2012,Windows 8,Windows 7,Windows 10,Windows Server 2008,Windows Vista Service Pack 2

References

CVE-2016-7238,