Multiple vulnerabilities in Windows Kernel-Mode Drivers
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2016-3251 CVE-2016-3286 CVE-2016-3254 CVE-2016-3252 CVE-2016-3250 CVE-2016-3249 |
| CWE-ID | CWE-119 CWE-428 CWE-618 CWE-617 CWE-90 CWE-193 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
This security advisory describes 6 vulnerabilities in Windows kernel-mode drivers, which can be used to gain access to potentially sensitive data and elevate privileges on the system.
1) Information disclosure in Win32k.sys driver
EUVDB-ID: #VU129
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-3251
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive data.
The vulnerability exists due to out-of-bounds read in Windows GDI component. A local attacker can gain access to potentially sensitive information on the system
Successful exploitation of this vulnerability will allow a local attacker to read potentially sensitive information on the system.
MitigationTo resolve this vulnerability vendor recommends installing the following updates:
Windows Vista
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8.1
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1
Use Windows Update to obtain patch.
Windows 10
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2
Windows: Vista - 10
Windows Server: 2008 - 2012 R2
CPE2.3- cpe:2.3:o:microsoft:windows:Vista:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:8.1_RT:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008_R2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012_R2:*:*:*:*:*:*:*
https://technet.microsoft.com/en-us/library/security/MS16-090
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption in Win32k.sys driver
EUVDB-ID: #VU128
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-3286
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to obtain elevated privileges.
The vulnerability exists doe to an error in Win32k.sys kernel-mode driver when handling certain objects in memory. A local user can elevate privileges on vulnerable system.
Successful exploitation of this vulnerability will allow a local attacker to executed arbitrary code with SYSTEM privileges.
MitigationTo resolve this vulnerability vendor recommends installing the following updates:
Windows Vista
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8.1
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1
Use Windows Update to obtain patch.
Windows 10
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2
Windows: Vista - 10
Windows Server: 2008 - 2012 R2
CPE2.3- cpe:2.3:o:microsoft:windows:Vista:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:8.1_RT:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008_R2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012_R2:*:*:*:*:*:*:*
https://technet.microsoft.com/en-us/library/security/MS16-090
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption in Win32k.sys driver
EUVDB-ID: #VU127
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-3254
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to obtain elevated privileges.
The vulnerability exists doe to an error in Win32k.sys kernel-mode driver when handling certain objects in memory. A local user can elevate privileges on vulnerable system.
Successful exploitation of this vulnerability will allow a local attacker to executed arbitrary code with SYSTEM privileges.
MitigationTo resolve this vulnerability vendor recommends installing the following updates:
Windows Vista
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8.1
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1
Use Windows Update to obtain patch.
Windows 10
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2
Windows: Vista - 10
Windows Server: 2008 - 2012 R2
CPE2.3- cpe:2.3:o:microsoft:windows:Vista:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:8.1_RT:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008_R2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012_R2:*:*:*:*:*:*:*
https://technet.microsoft.com/en-us/library/security/MS16-090
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption in Win32k.sys driver
EUVDB-ID: #VU126
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-3252
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to obtain elevated privileges.
The vulnerability exists doe to an error in Win32k.sys kernel-mode driver when handling certain objects in memory. A local user can elevate privileges on vulnerable system.
Successful exploitation of this vulnerability will allow a local attacker to executed arbitrary code with SYSTEM privileges.
MitigationTo resolve this vulnerability vendor recommends installing the following updates:
Windows Vista
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8.1
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1
Use Windows Update to obtain patch.
Windows 10
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2
Windows: Vista - 10
Windows Server: 2008 - 2012 R2
CPE2.3- cpe:2.3:o:microsoft:windows:Vista:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:8.1_RT:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008_R2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012_R2:*:*:*:*:*:*:*
https://technet.microsoft.com/en-us/library/security/MS16-090
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption in Win32k.sys driver
EUVDB-ID: #VU125
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-3250
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to obtain elevated privileges.
The vulnerability exists doe to an error in Win32k.sys kernel-mode driver when handling certain objects in memory. A local user can elevate privileges on vulnerable system.
Successful exploitation of this vulnerability will allow a local attacker to executed arbitrary code with SYSTEM privileges.
MitigationTo resolve this vulnerability vendor recommends installing the following updates:
Windows Server 2012
Windows RT 8.1
Use Windows Update to obtain patch.
Windows 10
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Server Core installation option
Vulnerable software versionsWindows Server: 2012
Windows: 10
CPE2.3https://technet.microsoft.com/en-us/library/security/MS16-090
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory corruption in Win32k.sys driver
EUVDB-ID: #VU124
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-3249
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to obtain elevated privileges.
The vulnerability exists doe to an error in Win32k.sys kernel-mode driver when handling certain objects in memory. A local user can elevate privileges on vulnerable system.
Successful exploitation of this vulnerability will allow a local attacker to executed arbitrary code with SYSTEM privileges.
MitigationTo resolve this vulnerability vendor recommends installing the following updates:
Windows Vista
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8.1
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1
Use Windows Update to obtain patch.
Windows 10
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2
Windows: Vista - 10
Windows Server: 2008 - 2012 R2
CPE2.3- cpe:2.3:o:microsoft:windows:Vista:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:8.1_RT:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008_R2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012_R2:*:*:*:*:*:*:*
https://technet.microsoft.com/en-us/library/security/MS16-090
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
