CISA Known Exploited Vulnerability

CVE-2016-3351 Ransomware

Microsoft · Internet Explorer and Edge

Microsoft Internet Explorer and Edge Information Disclosure Vulnerability

Date added 2022-05-24

BOD 22-01 due date 2022-06-14

CWE CWE-200

Ransomware Known

CISA description

An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2016-3351

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2016-3351
CVE.org · CVE-2016-3351
CISA KEV catalog (canonical)