vulnerability
Microsoft Windows: CVE-2016-3306: Windows Session Object Elevation of Privilege Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Sep 14, 2016 | Jun 10, 2024 | Oct 14, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Sep 14, 2016
Added
Jun 10, 2024
Modified
Oct 14, 2025
Description
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3305.
Solutions
microsoft-windows-windows_10-1507-kb3185611microsoft-windows-windows_10-1511-kb3185614microsoft-windows-windows_10-1607-kb3189866
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.