Microsoft Windows Kernel Local Elevation Of Privilege Vulnerability (CVE-2016-0079)

A local privilege escalation vulnerability was discovered within Microsoft Windows. It abuses the issue that a registry hive file will be opened in write mode if opening it in read mode fails. This, combined with the fact that the log files created when opening a hive in write mode are effectively owned by the system yet can also be modified by a user, allows normal users to overwrite critical system files. Successful exploitation of this issue may lead to local privilege escalation.