SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Windows Handle Validation Flaw Lets Local Users Obtain System Privileges
SecurityTracker Alert ID:  1035209
SecurityTracker URL:  http://securitytracker.com/id/1035209
CVE Reference:   CVE-2016-0087   (Links to External Site)
Date:  Mar 8 2016
Impact:   Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2, 7 SP1; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows. A local user can gain system privileges on the target system.

Microsoft Windows does not properly sanitize handles. A local user can gain System level privileges on the target system.

Meysam Firozi @R00tkitSmm reported this vulnerability.

Impact:   A local user can obtain System privileges on the target system.
Solution:   The vendor has issued a fix.

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=be33c144-d35c-48f2-ac93-97588d628cd8

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=c4bc7efc-f753-44e0-8ff4-db9598f9602c

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=b550fa13-bf54-4533-819e-59bc6ef2b9cf

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=fe447bac-5842-4ee5-8567-d5c8352ec07f

Windows Server 2008 for Itanium-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=f7f975f0-aff4-4cc8-abc4-6ddb10681af9

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=016eb486-a72e-469c-83fb-bba8339883a1

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=e4e254b2-6246-4b87-a19f-0fb6aa9dd559

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=2f2787aa-7fd1-4918-b380-b98b7fab50e7

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=f241eab1-6d01-49c8-946c-39ae487d2351

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms16-031

Vendor URL:  technet.microsoft.com/library/security/ms16-031 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC