Oval Definition:oval:org.cisecurity:def:784
Revision Date:2016-07-15Version:31
Title:Secondary Logon Elevation of Privilege Vulnerability - CVE-2016-0099 (MS16-032)
Description:The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-0099
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):
Definition Synopsis
  • Microsoft Windows Vista/Server 2008 is installed + file version
  • Microsoft Windows Vista/Server 2008 is installed
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND Check for file version
  • Check if seclogon.dll version is less than 6.0.6002.19598
  • OR Check for Limited Distribution Release (LDR) file version
  • Check if seclogon.dll version is greater than or equal 6.0.6002.23000
  • AND Check if seclogon.dll version is less than 6.0.6002.23910
  • OR Microsoft Windows 7/Server 2008 R2 is installed + file version
  • Microsoft Windows 7/Server 2008 R2 is installed
  • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows 7 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
  • AND Check for file version
  • Check if seclogon.dll version is less than 6.1.7601.19148
  • OR Check for Limited Distribution Release (LDR) file version
  • Check if seclogon.dll version is greater than or equal 6.1.7601.23000
  • AND Check if seclogon.dll version is less than 6.1.7601.23348
  • OR Microsoft Windows 8.1/Server 2012 R2 is installed + file version
  • Microsoft Windows 8.1/Server 2012 R2 is installed
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND Check if seclogon.dll version is less than 6.3.9600.18230
  • OR Microsoft Windows Server 2012 is installed + file version
  • Microsoft Windows Server 2012 (64-bit) is installed
  • AND Check for file version
  • Check if seclogon.dll version is less than 6.2.9200.17649
  • OR Check for Limited Distribution Release (LDR) file version
  • Check if seclogon.dll version is greater than or equal 6.2.9200.21000
  • AND Check if seclogon.dll version is less than 6.2.9200.21768
  • OR Microsoft Windows 10 is installed + file version
  • Microsoft Windows 10 is installed
  • Microsoft Windows 10 (32-bit) is installed
  • OR Microsoft Windows 10 (64-bit) is installed
  • AND Check if seclogon.dll version is less than 10.0.10240.16724
  • OR Microsoft Windows 10 Version 1511 is installed + file version
  • Microsoft Windows 10 Version 1511 is installed
  • Microsoft Windows 10 Version 1511 (32-bit) is installed
  • OR Microsoft Windows 10 Version 1511 (64-bit) is installed
  • AND Check if seclogon.dll version is less than 10.0.10586.162
    • BACK