=====================================================================
                           CERT-Renater

                 Information Note No. 2016/VULN349
_____________________________________________________________________

DATE                 : 14/10/2016

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows 10 running Diagnostics Hub.

=====================================================================
KB3193229
https://technet.microsoft.com/en-us/library/security/MS16-125
_____________________________________________________________________

Microsoft Security Bulletin MS16-125 - Important

Security Update for Diagnostics Hub (3193229)

Published: October 11, 2016
Version: 1.0

Executive Summary

This security update resolves a vulnerability in Microsoft Windows. The
vulnerability could allow elevation of privilege if an attacker logs on
to an affected system and runs a specially crafted application.

This security update is rated Important for all supported editions of
Windows 10.

Affected Software

Windows 10

Vulnerability Information

Windows Diagnostics Hub Elevation of Privilege CVE-2016-7188

An elevation of privilege vulnerability exists in the Windows
Diagnostics Hub Standard Collector Service when the service fails to
properly sanitize input that could lead to unsecure library loading
behavior.

To exploit this vulnerability, an attacker would have to log on to an
affected system and run a specially crafted application. An attacker
who successfully exploited this vulnerability could run arbitrary code
with elevated system privileges. An attacker could then install
programs; view, change, or delete data; or create new accounts with
full user rights.

The update addresses the vulnerability by correcting an input
sanitization error to preclude unintended elevation of privilege.
The following table contains links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title                             CVE number     Publicly disclosed  Exploited
----------------------------------------------  -------------  ------------------  ---------
Windows Diagnostics Hub Elevation of Privilege  CVE-2016-7188  No                  No

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel  | fax  : 01-53-94-20-41            +
+ 75013 Paris         | email: cert@support.renater.fr   +
==========================================================