=====================================================================
                            CERT-Renater

                Information Note No. 2016/VULN285
_____________________________________________________________________

DATE                 : 10/08/2016

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows versions Vista, Server 2008, 7, 8.1,
                       Server 2012, RT 8.1, 10, running Windows
                       Kernel-Mode Drivers.

=====================================================================
KB3178466
https://technet.microsoft.com/en-us/library/security/MS16-098
_____________________________________________________________________

Microsoft Security Bulletin MS16-098 - Important:
Security Update for Windows Kernel-Mode Drivers (3178466)

Executive Summary

This security update resolves vulnerabilities in Microsoft Windows.
The vulnerabilities could allow elevation of privilege if an attacker
logs on to an affected system and runs a specially crafted application
that could exploit the vulnerabilities and take control of an affected
system.

This security update is rated Important for all supported releases of
Windows.

Affected Software

  Windows Vista
  Windows Server 2008
  Windows 7
  Windows Server 2008 R2
  Windows 8.1
  Windows Server 2012
  Windows Server 2012 R2
  Windows RT 8.1 [1]
  Windows 10 [2]
  Windows Server 2008 for 32-bit Systems Service Pack 2
    (Server Core installation)
  Windows Server 2008 for x64-based Systems Service Pack 2
    (Server Core installation)
  Windows Server 2008 R2 for x64-based Systems Service Pack 1
    (Server Core installation)
  Windows Server 2012 (Server Core installation)
  Windows Server 2012 R2 (Server Core installation)

[1] This update is only available via Windows Update.

[2] Windows 10 updates are cumulative. The monthly security release
    includes all security fixes for vulnerabilities that affect
    Windows 10, in addition to non-security updates. The updates are
    available via the Microsoft Update Catalog.

Vulnerability Information

Multiple Win32k Elevation of Privilege Vulnerabilities

Multiple elevation of privilege vulnerabilities exist when the Windows
kernel-mode driver fails to properly handle objects in memory. An
attacker who successfully exploited these vulnerabilities could run
arbitrary code in kernel mode. An attacker could then install programs;
view, change, or delete data; or create new accounts with full user
rights.

To exploit these vulnerabilities, an attacker would first have to log
on to the system. An attacker could then run a specially crafted
application to take control of an affected system.

The update addresses the vulnerabilities by correcting how the Windows
kernel-mode driver handles objects in memory.

The following table contains links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title                           CVE number     Publicly disclosed  Exploited
Win32k Elevation of Privilege Vulnerability   CVE-2016-3308  No                  No
Win32k Elevation of Privilege Vulnerability   CVE-2016-3309  No                  No
Win32k Elevation of Privilege Vulnerability   CVE-2016-3310  No                  No
Win32k Elevation of Privilege Vulnerability   CVE-2016-3311  No                  No

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================