VYPR
Low severity 3.3 · NVD Advisory · Published Nov 10, 2016 · Updated May 6, 2026

CVE-2016-7220

Description

CVE-2016-7220 is an information disclosure vulnerability in Virtual Secure Mode in Windows 10 that can be triggered by a crafted local application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2016-7220 is an information disclosure vulnerability in Virtual Secure Mode (VSM) on Microsoft Windows 10. VSM is a feature that uses hardware virtualization to isolate sensitive code and data from the rest of the operating system. The vulnerability occurs when Windows VSM improperly handles objects in memory, allowing a crafted application to access sensitive information. The affected versions include all supported releases of Windows 10, as per Microsoft Security Bulletin MS16-137 [1].

Exploitation

An attacker must already be authenticated to a local Windows 10 system to exploit this vulnerability. No special privileges beyond a standard user account are required; the attacker can execute a specially crafted application designed to interact with VSM objects in memory. The crafted application must be run locally on the target system [1].

Impact

Successful exploitation of CVE-2016-7220 results in information disclosure. The attacker can obtain sensitive information that is otherwise protected by Virtual Secure Mode, such as credentials or other secrets managed by VSM. The scope of the disclosure is limited to data handled by VSM on the local machine; this does not directly grant code execution or privilege escalation, but the leaked information could be used in further attacks [1].

Mitigation

Microsoft released a security update in MS16-137 (Knowledge Base Article 3199173) to address the vulnerability. The update changes how Windows Virtual Secure Mode handles objects in memory, preventing the information disclosure. All affected Windows 10 systems should apply the update. No workaround is documented. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  • (no CPE)

Patches

0

No patches discovered yet.

References

3
