High severity7.8CISA KEVNVD Advisory· Published Apr 12, 2016· Updated Apr 21, 2026

CVE-2016-0151

Description

The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."

Affected products

Microsoft/Windows 10 1507
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
Microsoft/Windows 10 1511
cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*
Microsoft/Windows 8.1
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Microsoft/Windows Rt 8.1
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Microsoft/Windows Server 20122 versions
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-048nvdPatchVendor Advisory
www.exploit-db.com/exploits/39740/nvdExploitThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1035544nvdBroken LinkThird Party AdvisoryVDB Entry
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.026
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060