CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Apr 18, 2022

CVE-2016-0151

High

EPSS 44.1%CISA KEVRansomware

Microsoft/Client-Server Run-time Subsystem (CSRSS)

Description

The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.

EPSS — Exploit Probability

44.1%

Higher than 97.5% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2016-0151

Risk Assessment

HIGH

In CISA KEV

Ransomware

Details

Severity: High
EPSS: 44.1%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Mar 28, 2022

Added to KEV

Mar 28, 2022

Remediation Due

Apr 18, 2022

Affected Product

Microsoft

Client-Server Run-time Subsystem (CSRSS)

View all Microsoft CVEs

External Links

NVD (NIST)CVE Details MITRE CVE