Multiple vulnerabilities in Microsoft Windows

Published: 2016-04-12 00:00:00 | Updated: 2017-02-15
Severity High
Patch available YES
Number of vulnerabilities 4
CVE ID CVE-2016-0167
CVE-2016-0165
CVE-2016-0145
CVE-2016-0143
CVSSv3 8.2 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
8.2 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
8.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
7.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CWE ID CWE-264
CWE-119
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerability #2 is being exploited in the wild.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Vulnerable software Windows
Windows Server
Microsoft Live Meeting
Microsoft Office
Microsoft .NET Framework
Skype for Business
Lync Attendee
Microsoft Lync
Vulnerable software versions Windows Vista
Windows 7
Windows RT 8.1
Windows 8.1
Windows 10
Windows Server 2008 R2
Windows Server 2008
Windows Server 2012 R2
Windows Server 2012
Microsoft Live Meeting 2007 Console
Microsoft Office 2010
Microsoft Office 2007
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Skype for Business 2016
Lync Attendee 2010
Microsoft Lync 2013
Vendor URL Microsoft

Security Advisory

1) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper handling of objects in memory by the kernel-mode driver. A local attacker can run a specially crafted program, gain elevated privileges and execute arbitrary code with SYSTEM privileges.

Successful exploitation of this vulnerability may result in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-039

2) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper handling of objects in memory by the kernel-mode driver. A local attacker can run a specially crafted program, gain elevated privileges and execute arbitrary code with SYSTEM privileges.

Successful exploitation of this vulnerability may result in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-039

3) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling of malicious embedded fonts. A remote attacker can create a specially crafted content, trick the victim into opening it, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-039

4) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper handling of objects in memory by the kernel-mode driver. A local attacker can run a specially crafted program, gain elevated privileges and execute arbitrary code with SYSTEM privileges.

Successful exploitation of this vulnerability may result in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-039

Back to List