
====================================================================

                                CERT-Renater

                    Note d'Information No. 2016/VULN197
_____________________________________________________________________

DATE                : 11/05/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows version Vista, Server 2008 running
                            Windows IIS.

======================================================================
KB3141083
https://technet.microsoft.com/en-us/library/security/MS16-058
____________________________________________________________________

MS16-058: Security Update for Windows IIS (3141083)

Document Metadata

Bulletin Number: MS16-058

Bulletin Title: Security Update for Windows IIS

Severity: Important

KB Article: 3141083

Version: 1.0

Published Date: May 10, 2016

Executive Summary

This security update resolves a vulnerability in Microsoft Windows. The
vulnerability could allow remote code execution if an attacker with
access to the local system executes a malicious application.
This security update is rated Important for all supported releases of
Windows Vista and Windows Server 2008.


Affected Software

Windows Vista
Windows Server 2008


Vulnerability Information

Windows DLL Loading Remote Code Execution Vulnerability - CVE-2016-0152
A remote code execution vulnerability exists when Microsoft Windows
fails to properly validate input before loading certain libraries. An
attacker who successfully exploited this vulnerability could take
control of an affected system. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user
rights. Users whose accounts are configured to have fewer user rights
on the system could be less impacted than users who operate with
administrative user rights.

To exploit the vulnerability, an attacker must first gain access to the
local system and have the ability to execute a malicious application.
The security update addresses the vulnerability by correcting how
Windows validates input when loading certain libraries.

The following table contains links to the standard entry for the
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title	CVE number   Publicly disclosed	  Exploited
Windows DLL Loading Remote
Code Execution Vulnerability	CVE-2016-0152	No	No


==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================