Main Vulnerability Database Vulnerabilities #VU122

#VU122 Windows kernel information disclosure vulnerability in Windows and Windows Server - CVE-2016-3272

Published: July 13, 2016 / Updated: February 3, 2017

Vulnerability identifier: #VU122

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2016-3272

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect handling of certain page fault system calls in Windows kernel. A local user can disclose information from another process.

Successful exploitation of this vulnerability may allow a local attacker to gain access to potentially sensitive information.

Remediation

To resolve this vulnerability vendor recommends installing the following updates:

Windows 8.1

Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems

Windows Server 2012 and Windows Server 2012 R2

Windows Server 2012
Windows Server 2012 R2

Windows RT 8.1

Use Windows Update to obtain patch KB3172727

Windows 10

Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems

Server Core installation option

Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)

External links

https://technet.microsoft.com/en-us/library/security/MS16-092