By zerosday cve bot•June 22, 2023•
cves
CVE-2016-0165: Microsoft Win32k Privilege Escalation Vulnerability (Pentest Lab Guide)
CVE-2016-0165: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-03-26T21:59:17.847Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167.
- Context preserved from previous revision: The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167. Notes: Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
Technical Details
- CVE: CVE-2016-0165
- KEV date added: 2023-06-22
- KEV due date: 2023-07-13
- NVD published: Unknown
- NVD modified: Unknown
- MITRE modified: 2025-10-21
- CVSS base score: N/A
- CVSS vector: N/A
- CVSS exploitability score: N/A
- CVSS impact score: N/A
- Attack vector: Unknown
- Attack complexity: Unknown
- Privileges required: Unknown
- User interaction: Unknown
- Scope: Unknown
- Confidentiality impact: Unknown
- Integrity impact: Unknown
- Availability impact: Unknown
Versions and Products Impacted
- n/a / n/a (versions: n/a)
Weakness Classification
- CWE-noinfo Not enough information
Repositories for Lab Validation (Public Examples)
- No public repository matched this CVE query in the current run.
People and Organizations Mentioned
- microsoft
- Win32k
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Create low-privilege users on n/a / n/a (versions: n/a) and validate that patching blocks unauthorized admin-level actions.
- Compare token/privilege transitions in Windows Event Logs before and after remediation.
- Tune detections for unusual group membership changes and SYSTEM-level process launches from user sessions.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2016-0165
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2016-0165
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- KEV notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-039; https://nvd.nist.gov/vuln/detail/CVE-2016-0165
- http://www.securitytracker.com/id/1035529
- https://www.exploit-db.com/exploits/44480/
- http://www.securitytracker.com/id/1035532
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-039
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0165
This content is for defensive security training and authorized validation only.