
====================================================================

                              CERT-Renater

                  Note d'Information No. 2016/VULN194
_____________________________________________________________________

DATE                : 11/05/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows version Vista, 7, 8.1, RT 8.1, 10, Server
                2008, Server 2012 running Microsoft Graphics Component.

======================================================================
KB3156754
https://technet.microsoft.com/en-us/library/security/MS16-055
____________________________________________________________________

MS16-055: Critical - Security Update for Microsoft Graphics Component
(3156754)

Document Metadata

Bulletin Number: MS16-055

Bulletin Title: Security Update for Microsoft Graphics Component

Severity: Critical

KB Article: 3156754

Version: 1.0

Published Date: May 10, 2016

Executive Summary

This security update resolves vulnerabilities in Microsoft Windows. The
most severe of the vulnerabilities could allow remote code execution if
a user opens a specially crafted document or visits a specially crafted
website. Users whose accounts are configured to have fewer user rights
on the system could be less impacted than users who operate with
administrative user rights.
This security update is rated Critical for all supported releases of
Microsoft Windows.


Affected Software

Windows Vista
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2012


Vulnerability Information

Multiple Windows Graphics Component Information Disclosure Vulnerabilities

Information disclosure vulnerabilities exist when the Windows GDI
component improperly discloses the contents of its memory. An attacker
who successfully exploited the vulnerabilities could obtain information
to further compromise the user's system.

There are multiple ways an attacker could exploit the vulnerabilities,
such as by convincing a user to open a specially crafted document, or
by convincing a user to visit an untrusted webpage. The update
addresses the vulnerabilities by correcting how the Windows GDI
component handle objects in memory.
The following table contains links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:


Vulnerability title   CVE number   Publicly disclosed   Exploited

Windows Graphics Component
Information Disclosure Vulnerability	CVE-2016-0168	No	No
Windows Graphics Component
Information Disclosure Vulnerability	CVE-2016-0169	No	No


Windows Graphics Component RCE Vulnerability - CVE-2016-0170

A remote code execution vulnerability exists when the Windows GDI
component fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could take control of the
affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights. Users
whose accounts are configured to have fewer user rights on the system
could be less impacted than users who operate with administrative user
rights.

There are multiple ways an attacker could exploit the vulnerability:
In a web-based attack scenario, an attacker could host a specially
crafted website that is designed to exploit the vulnerability and then
convince a user to view the website. An attacker would have no way to
force users to view the attacker-controlled content. Instead, an
attacker would have to convince users to take action, typically by
getting them to click a link in an email or Instant Messenger message
that takes users to the attacker's website, or by opening an attachment
sent through email.

In a file sharing attack scenario, an attacker could provide a specially
crafted document file that is designed to exploit the vulnerability,
and then convince a user to open the document file. The security update
addresses the vulnerability by correcting how the Windows GDI component
handles objects in the memory.

The following table contains links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title	CVE number   Publicly disclosed	   Exploited
Windows Graphics Component
RCE Vulnerability	CVE-2016-0170	No			No


Direct3D Use After Free Vulnerability - CVE-2016-0184

A remote code execution vulnerability exists when the Windows GDI
component fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could take control of the
affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights. Users
whose accounts are configured to have fewer user rights on the system
could be less impacted than users who operate with administrative user
rights.

There are multiple ways an attacker could exploit the vulnerability:
In a web-based attack scenario, an attacker could host a specially
crafted website that is designed to exploit the vulnerability and then
convince a user to view the website. An attacker would have no way to
force users to view the attacker-controlled content. Instead, an
attacker would have to convince users to take action, typically by
getting them to click a link in an email or Instant Messenger message
that takes users to the attacker's website, or by opening an attachment
sent through email.

In a file sharing attack scenario, an attacker could provide a specially
crafted document file that is designed to exploit the vulnerability,
and then convince a user to open the document file. The security update
addresses the vulnerability by correcting how the Windows GDI component
handles objects in the memory.

The following table contains links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title	CVE number	Publicly disclosed   Exploited

Direct3D Use After Free
Vulnerability	       CVE-2016-0184	No			Yes

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================