Vendor: Windows
By: FoxGloveSec, breenmachine, Mumbai
CVSS: 7.8 (HIGH)
Category: Privilege Escalation
CWE: 269
Product Name: Windows
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CVE: CVE-2016-3225
CPE: o:microsoft:windows
Metasploit:
- https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2016-8687/
- https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2016-8688/
- https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2016-8689/
- https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2016-5418/
- https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2016-6250/
- https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2016-7166/
Platforms Tested: Windows
Year: 2016
Title: Windows Net-NTLMv2 Reflection DCOM/RPC
Description: The module uses Net-NTLMv2 reflection between DCOM and RPC to obtain a SYSTEM token handle for elevation of privilege. Currently the module does not spawn a shell as SYSTEM; however, once a shell is obtained, the incognito extension can be used to impersonate the token.
Mitigation:
Apply the MS16-075 patch and keep security updates current.