VYPR
Medium severity 6.1 · NVD Advisory · Published Nov 10, 2016 · Updated May 6, 2026

CVE-2016-7223

Description

VHD driver in Microsoft Windows improperly restricts file access, allowing local privilege escalation via crafted application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The Virtual Hard Disk (VHD) driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 fails to properly restrict access to files [1]. This allows a local user to exploit the driver through a crafted application, leading to privilege escalation.

Exploitation

An attacker must have valid local user credentials and be able to execute a crafted application on the system. No additional user interaction is required; the application directly interacts with the VHD driver to manipulate files in restricted locations [1].

Impact

Successful exploitation grants the attacker elevated privileges, enabling them to read, write, or delete files that are normally restricted, potentially leading to full system compromise [1].

Mitigation

Microsoft released security update MS16-138 on November 8, 2016, which addresses this vulnerability by correcting how the kernel API restricts file access [1]. All affected Windows versions should apply this update.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
  • Range: Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows 10, Windows Server 2016


References

3
