The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
Conclusion & alert: CVE-2016-0099 is rated Critical Active Threat (90.9/100): CVSS High severity, with high exploitation likelihood (EPSS 37.16%, 98th percentile). Core evidence: CISA KEV confirms active exploitation (added 2022-03-03) affecting Microsoft / Windows. a weakness (CWE-120) Unauthenticated remote administrative access may be possible. Mandatory action: The CISA remediation deadline has passed—treat as an emergency patch priority.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
: Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability · CISA KEV detail
: 2022-03-03
: 2022-03-24
: Apply updates per vendor instructions.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| 40107 | exploit_db | edb | 2016-07-13 | Exploit-DB ↗ |
| 39809 | exploit_db | edb | 2016-04-25 | Exploit-DB ↗ |
| 39719 | exploit_db | edb | 2016-04-21 | Exploit-DB ↗ |
| 39574 | exploit_db | edb | 2016-03-21 | Exploit-DB ↗ |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-16 | 36.91% | 37.16% | +0.25% |
| 2 | 2026-06-15 | 90.44% | 36.91% | -53.53% |
| 3 | 2026-05-09 | — | 90.44% | — |
Full EPSS history (32 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.8 | 3.1 | HIGH |
|
1.8 | 5.9 | [email protected] |
| 7.8 | 3.1 | HIGH |
|
1.8 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| 7.2 | 2.0 | HIGH |
|
3.9 | 10.0 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| microsoft | windows_10_1507 | — | cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:* |
| microsoft | windows_10_1511 | — | cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:* |
| microsoft | windows_7 | — | cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* |
| microsoft | windows_8.1 | — | cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* |
| microsoft | windows_server_2008 | — | cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* |
| microsoft | windows_server_2008 | r2 | cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:* |
| microsoft | windows_server_2012 | — | cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* |
| microsoft | windows_server_2012 | r2 | cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* |
| microsoft | windows_vista | — | cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/84034 | Broken Link Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1035210 | Broken Link Third Party Advisory VDB Entry |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-032 | Patch Vendor Advisory |
| https://www.exploit-db.com/exploits/39574/ | Exploit Third Party Advisory VDB Entry |
| https://www.exploit-db.com/exploits/39719/ | Exploit Third Party Advisory VDB Entry |
| https://www.exploit-db.com/exploits/39809/ | Exploit Third Party Advisory VDB Entry |
| https://www.exploit-db.com/exploits/40107/ | Exploit Third Party Advisory VDB Entry |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0099 | US Government Resource |