#VU121 Windows file system security feature bypass in Windows and Windows Server - CVE-2016-3258

Cybersecurity Help s.r.o.

Published: 2016-07-13 | Updated: 2017-02-03

Vulnerability identifier: #VU121

Vulnerability risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-3258

CWE-ID: CWE-229

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a local attacker to bypass certain security restrictions.

The vulnerability exists in windows kernel due to an error, which can be used to bypass file path-based checks from a low integrity application using time of check time of use (TOCTOU) issues. A local attacker can potentially modify files outside of a low integrity level application.

Successful exploitation of this vulnerability requires usage of another vulnerability, which allows to compromise the sandbox process from a low integrity application.

Mitigation

To resolve this vulnerability vendor recommends installing the following updates:

Windows 8.1

Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems

Windows Server 2012 and Windows Server 2012 R2

Windows Server 2012
Windows Server 2012 R2

Windows RT 8.1

Use Windows Update to obtain patch KB3172727

Windows 10

Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems

Server Core installation option

Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)