SB2016103101 - Multiple vulnerabilities in Microsoft Windows




Published: October 31, 2016
Updated: February 15, 2017

Security Bulletin ID: SB2016103101
Severity: Medium
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Medium 60% Low 40%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2016-7214)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to a boundary error when the kernel handles objects. A local attacker can run a specially crafted program, trigger memory corruption, and gain access to important data that allows bypassing Kernel Address Space Layout Randomization (ASLR).

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.


2) Privilege escalation (CVE-ID: CVE-2016-7215)

The vulnerability allows a local user to gain elevated privileges on the target system.

The weakness is due to improper handling of objects in memory by win32k.sys. By running a specially crafted program, a local attacker can trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability results in privilege escalation.

3) Information disclosure (CVE-ID: CVE-2016-7218)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to improper handling of objects in memory by bowser.sys. A local attacker can execute a specially crafted program and gain access to important data on the affected system.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.


4) Privilege escalation (CVE-ID: CVE-2016-7246)

The vulnerability allows a local user to gain elevated privileges on the target system.

The weakness is due to improper handling of objects in memory in win32k.sys. By running a specially crafted program, a local attacker can trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability results in privilege escalation.


5) Privilege escalation (CVE-ID: CVE-2016-7255)

The vulnerability allows a local user to gain elevated privileges on the target system.

The weakness is due to improper handling of objects in memory by win32k.sys. By issuing a specially crafted NtSetWindowLongPtr() system call, a local attacker can set the index GWLP_ID to the WS_CHILD value on a window handle with GWL_STYLE and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability results in privilege escalation.

Note: this vulnerability is being actively exploited in the wild.


Remediation

Install the update from the vendor's website.