CVE-2016-0151
Microsoft Windows CSRSS Security Feature Bypass Vulnerability
CVSS
—
No CVSS
EPSS
63.2%
p99
KEV
YES
Mar 28, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
63.2%EPSS · 30 days63.2%
2026-06-302026-07-16
Product
Microsoft / Client-Server Run-time Subsystem (CSRSS)
Vulnerability
Microsoft Windows CSRSS Security Feature Bypass Vulnerability
Added to KEV
Mar 28, 2022
Remediate by
Apr 18, 2022
Known ransomware use
Yes
Summary description
The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-0151
No related CVEs by CWE or product.