CVE-2016-3309
is CVE-2016-3309real, exploitable, or a false positive? Here's the community ground truth.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311.
References
Published
Embed this verdict
[](https://www.truepositive.app/cve/CVE-2016-3309)<a href="https://www.truepositive.app/cve/CVE-2016-3309"><img src="https://www.truepositive.app/cve/CVE-2016-3309/badge.svg" alt="TruePositive verdict for CVE-2016-3309"></a>Live badge — updates automatically as the community verdict changes.
Community ground truth
Community verdict
3 verdictsIncludes TruePositive's curated baseline from public sources — community verdicts accrue on top.
Pick your verdict — we'll save it right after a quick sign-in.
Practitioners rate this higher than its CVSS — treat with extra caution.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
- 0
Microsoft Windows Kernel Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. Listed in the CISA KEV catalog (added 2022-03-15) — confirmed exploited in the wild, not theoretical. It is linked to known ransomware campaigns. FIRST EPSS puts the chance of exploitation in the next 30 days at ~21%. Treat it as real and prioritize remediation over triage.
- 0
Required action for Microsoft Windows: Apply updates per vendor instructions. CISA set a federal remediation due date of 2022-04-05. After patching, verify the vulnerable path is no longer reachable before closing the finding.
Related CVEs
Same weakness — CWE-264.
- CVE-2014-6324CVSS 8.8KEVEPSS 87%
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."
- CVE-2014-4113CVSS 7.8KEVEPSS 87%
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
- CVE-2016-7255CVSS 7.8KEVEPSS 81%
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
- CVE-2013-0629CVSS 7.5KEVEPSS 66%
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
- CVE-2015-1701CVSS 7.8KEVEPSS 56%
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
- CVE-2014-4077CVSS 7.8KEVEPSS 48%
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.