==================================================================== CERT-Renater Note d'Information No. 2016/VULN168 _____________________________________________________________________ DATE : 13/04/2016 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Windows versions 8.1, Server 2012, 10 running Windows Hyper-V. ====================================================================== KB3148528 https://technet.microsoft.com/en-us/library/security/MS16-048 _____________________________________________________________________ Microsoft Security Bulletin MS16-048: Security Update for CSRSS (3148528) Bulletin Number: MS16-048 Bulletin Title: Security Update for CSRSS Severity: Important KB Article: 3148528 Version: 1.0 Published Date: April 12, 2016 Executive Summary This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application. This security update is rated Important for all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. The security update addresses the vulnerability by correcting how Windows manages process tokens in memory. Affected Software Windows 8.1 for 32-bit Systems Windows 8.1 for x64-based Systems Windows Server 2012 Windows Server 2012 R2 Windows RT 8.1 [1] Windows 10 for 32-bit Systems [2] Windows 10 for x64-based Systems [2] Windows 10 Version 1511 for 32-bit Systems [2] Windows 10 Version 1511 for x64-based Systems [2] Windows Server 2012 (Server Core installation) Windows Server 2012 R2 (Server Core installation) [1]This update is available via Windows Update. [2]Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. Vulnerability Information Windows CSRSS Security Feature Bypass Vulnerability - CVE-2016-0151 A security feature bypass vulnerability exists in Microsoft Windows when the Client-Server Run-time Subsystem (CSRSS) fails to properly manage process tokens in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows manages process tokens in memory. The following table contains a link to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list: Vulnerability Title CVE number Publicly disclosed Exploited Windows CSRSS Security Feature Bypass Vulnerability CVE-2016-0151 No No ========================================================== Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================