SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Rpc Vendors:   Microsoft
Microsoft Windows RPC Memory Free Error Lets Remote Users Gain Elevated Privileges
SecurityTracker Alert ID:  1035837
SecurityTracker URL:  http://securitytracker.com/id/1035837
CVE Reference:   CVE-2016-0178   (Links to External Site)
Date:  May 10 2016
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8.1, 2012, 2012 R2, RT 8.1, 10, 10 Version 1511; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows RPC. A remote user can gain elevated privileges.

A remote user can send specially crafted Remote Procedure Call (RPC) requests to trigger a memory free error in the RPC Network Data Representation (NDR) Engine and execute arbitrary code on the target system.

Impact:   A remote user can execute arbitrary code to gain elevated privileges on the target system.
Solution:   The vendor has issued a fix.

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=b1b67adb-a95e-4045-8f55-e7b31eb443cd

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=868988b1-b28a-4aa3-8df1-8f9f086984cc

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=cc400f8d-ce06-4bd5-9e86-9048ac88bcbc

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=d4a97acb-fcc3-483e-b119-496f27c43805

Windows Server 2008 for Itanium-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=8694426f-77bd-45b3-bc42-4bd6430c419e

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=5bf172a4-4f9d-4122-9969-90779541bac8

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=9b2d1d42-d994-4614-b716-3e0144102bee

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=c571a562-0b25-458b-9de4-1ce71f2a8154

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=cf9271ed-5fba-49b0-be70-2472b91cee3e

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=96f87af7-2b0e-4097-947f-ce92811156ed

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=28ba3208-63ff-4fb0-a7ac-1824e61103fd

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=0ee3d606-3b09-47d8-abcf-4c927654a594

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=79a06397-bda3-4d11-b2e7-0a238f68712f

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=cc400f8d-ce06-4bd5-9e86-9048ac88bcbc

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=d4a97acb-fcc3-483e-b119-496f27c43805

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=c571a562-0b25-458b-9de4-1ce71f2a8154

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=0ee3d606-3b09-47d8-abcf-4c927654a594

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=79a06397-bda3-4d11-b2e7-0a238f68712f

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms16-061

Vendor URL:  technet.microsoft.com/library/security/ms16-061 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC