Beschreibung
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges or bypass security restrictions.
Below is a complete list of vulnerabilities
- An improper memory contents disclosure at Windows Graphics Device Interface (GDI) component can be exploited remotely via a specially designed content to obtain sensitive information;
- An improper memory objects handling at Windows GDI components can be exploited remotely via a specially designed content to execute arbitrary code;
- An improper memory objects handling at Windows Imaging Component can be exploited remotely via a specially designed content to execute arbitrary code;
- An unknown vulnerability at Windows Journal can be exploited remotely via a specially crafted Journal file to execute arbitrary code;
- An improper memory objects handling at Windows Shell can be exploited remotely via a specially designed content to execute arbitrary code;
- An improper input data validating before loading certain libraries can be exploited by logged in user via a specially crafted application to execute arbitrary code;
- An improper certain symbolic links parsing at Windows Kernel can be exploited by logged in user via a specially crafted application to elevate privileges;
- An improper memory deallocation can be exploited remotely via a specially crafted RPC requests to elevate privileges;
- An improper memory objects handling at Windows kernel-mode driver can be exploited by logged in user via a specially crafted application to elevate privileges;
- An unknown vulnerability at Windows kernel can be exploited by logged in user via a specially crafted application to bypass security feature;
- An improper memory handling at DirectX Graphics kernel subsystem can be exploited locally via a specially crafted application to elevate privileges;
- An unknown vulnerability can be exploited locally via a specially crafted application to bypass security feature;
- An improper binding of the mounted USB and user session can be exploited remotely to obtain sensitive information from USB disk;
- An unspecified vulnerability in Windows Media Center can be exploited remotely via specially crafted file to execute arbitrary code.
Technical details
To workaround vulnerability (1) you can disable metafile processing. For further instructions you can read MS16-055 Microsoft advisory listed below.
Vulnerability (2) related to Direct3D and another unknown component.
To workaround vulnerability (4) do not open Windows Journal (.jnt) files that you receive from untrusted sources, remove the .jnt file type association, remove Windows Journal by disabling the Windows feature that installs it or deny access to Journal.exe. For further instructions you can read MS16-056 Microsoft advisory listed below.
Vulnerability (8) related to Remote Procedure Call (RPC) Network Data Representation (NDR) Engine.
Vulnerability (10) allows malicious user to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass and to retrieve the memory address of a kernel object.
Vulnerability (11) related to dxgkrnl.sys. It caused by improperly handling of memory objects and incorrectly mapping of kernel memory.
Vulnerability (12) allows malicious user to mark certain kernel-mode pages as Read, Write, Execute (RWX) even with Hypervisor Code Integrity (HVCI) enabled.
Vulnerability (13) exists when a USB disk is mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX.
Ursprüngliche Informationshinweise
- CVE-2016-0189
- CVE-2016-0187
- CVE-2016-0181
- CVE-2016-0197
- CVE-2016-0196
- CVE-2016-0195
- CVE-2016-0152
- CVE-2016-0168
- CVE-2016-0176
- CVE-2016-0174
- CVE-2016-0175
- CVE-2016-0180
- CVE-2016-0173
- CVE-2016-0170
- CVE-2016-0171
- CVE-2016-0190
- CVE-2016-0184
- CVE-2016-0169
- CVE-2016-0182
- CVE-2016-0178
- CVE-2016-0179
CVE Liste
- CVE-2016-0185 critical
- CVE-2016-0189 critical
- CVE-2016-0187 critical
- CVE-2016-0181 critical
- CVE-2016-0197 critical
- CVE-2016-0196 critical
- CVE-2016-0195 critical
- CVE-2016-0152 critical
- CVE-2016-0168 critical
- CVE-2016-0176 critical
- CVE-2016-0174 critical
- CVE-2016-0175 critical
- CVE-2016-0180 critical
- CVE-2016-0173 critical
- CVE-2016-0170 critical
- CVE-2016-0171 critical
- CVE-2016-0190 critical
- CVE-2016-0184 critical
- CVE-2016-0169 critical
- CVE-2016-0182 critical
- CVE-2016-0178 critical
- CVE-2016-0179 critical
KB Liste
- 3156421
- 3156059
- 3156016
- 3153704
- 3155784
- 3156387
- 3156013
- 3141083
- 3156019
- 3155178
- 3153171
- 3156017
- 3153199
- 3155413
- 3158991
- 3150220
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com