SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Windows Secondary Logon Service Handle Processing Flaw Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1035210
SecurityTracker URL:  http://securitytracker.com/id/1035210
CVE Reference:   CVE-2016-0099   (Links to External Site)
Date:  Mar 8 2016
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT 8.1, 10; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows Secondary Logon Service. A local user can obtain elevated privileges on the target system.

The Windows Secondary Logon Service does not properly process request handles in memory. A local user can execute arbitrary code with administrator privileges.


Impact:   A local user can obtain administrator privileges on the target system.
Solution:   The vendor has issued a fix.

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=624617d9-8fde-40bc-bc0e-6f44c94eed2c

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=7c5e01fd-4f2a-4743-9da4-81c523301f49

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=188c719e-2455-4a3e-b504-f33257d6d6e7

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=949d91b0-0684-40d4-8071-1a08186209be

Windows Server 2008 for Itanium-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=1ff3c045-5d10-4d0e-8924-c51bed6a0142

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=296d0623-f4c8-4b65-97cb-c9680bb24c4c

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=8c9fbddb-a8df-4579-9570-538bb51928e1

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=4c759084-e0ab-452f-a275-715b63269ef7

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=c5be391c-64a7-458f-9e6a-c7795c045520

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=e8c0212e-3068-4ddd-b730-c55368991923

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=01de8dba-8371-4fa2-aacc-d081bbd98155

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=af45d2dd-41d3-47ff-97ba-63c9bf3f5540

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=a20e0463-0e58-4770-90aa-47132fed9e0f

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=188c719e-2455-4a3e-b504-f33257d6d6e7

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=949d91b0-0684-40d4-8071-1a08186209be

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=4c759084-e0ab-452f-a275-715b63269ef7

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms16-032

Vendor URL:  technet.microsoft.com/library/security/ms16-032 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC