CVE-2016-3266 Microsoft Windows Security Update for Kernel-Mode Drivers (MS16-123)

0daybank资讯【www.0daybank.org】:

漏洞类别:Windows

漏洞等级: 《CVE-2016-3266  Microsoft Windows Security Update for Kernel-Mode Drivers (MS16-123)》

漏洞信息

Multiple elevation of privilege vulnerabilities exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit these vulnerabilities, an attacker would first have to log on to the system.
The update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.

This security update is rated Important for all supported releases of Windows.

漏洞危害

Successful exploitation could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

解决方案

Customers are advised to refer to MS16-123 for more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

MS16-123

0day

点赞

发表评论