
====================================================================

                               CERT-Renater

                   Note d'Information No. 2016/VULN196
_____________________________________________________________________

DATE                : 11/05/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows version Server 2012, 8.1, RT 8.1, 10
                         running Windows Shell.

======================================================================
KB3156987
https://technet.microsoft.com/en-us/library/security/MS16-057
____________________________________________________________________

MS16-057: Security Update for Windows Shell (3156987)

Document Metadata

Bulletin Number: MS16-057

Bulletin Title: Security Update for Windows Shell

Severity: Critical

KB Article: 3156987

Version: 1.0

Published Date: May 10, 2016


Executive Summary

This security update resolves a vulnerability in Microsoft Windows. The
vulnerability could allow remote code execution if an attacker
successfully convinces a user to browse to a specially crafted website
that accepts user-provided online content, or convinces a user to open
specially crafted content.

This security update is rated Critical for all supported releases of
Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and
Windows 10.


Affected Software

Windows 8.1
Windows Server 2012 R2
Windows RT 8.1
Windows 10


Vulnerability Information

Windows Shell Remote Code Execution Vulnerability - CVE-2016-0179

A remote code execution vulnerability exists when Windows Shell
improperly handles objects in memory. An attacker who successfully
exploited this vulnerability could execute arbitrary code and take
control of the affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with
full user rights. Users whose accounts are configured to have fewer
user rights on the system could be less impacted than users who operate
with administrative user rights.

In a web-based attack scenario, an attacker could host a website that
is used to attempt to exploit the vulnerability. In addition,
compromised websites and websites that accept or host user-provided
content could contain specially crafted content that could exploit this
vulnerability. An attacker would have no way to force users to visit a
specially crafted website. Instead, an attacker would have to convince
users to visit the website, typically by getting them to click a link
in an email or Instant Messenger message that takes them to the
attacker's site. The security update fixes this vulnerability by
correcting how Windows Shell handles objects in memory.

The following table contains links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title    CVE number	Publicly disclosed   Exploited
Windows Shell Remote
Code Execution Vulnerability	CVE-2016-0179	No	No

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================