Operating System:

[WIN]

Published:

13 July 2016

Protect yourself against future threats.

//Service

Security Bulletins

Receive up to date and consistent security bulletins across a wide range of vendors, streamlining security patching.

Read more
Resources > Security Bulletins > ESB-2016.1718 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1718
             MS16-090 - Important: Security Update for Windows
                       Kernel-Mode Drivers (3171481)
                               13 July 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Windows
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Administrator Compromise -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-3286 CVE-2016-3254 CVE-2016-3252
                   CVE-2016-3251 CVE-2016-3250 CVE-2016-3249

Original Bulletin: 
   https://technet.microsoft.com/en-us/library/security/MS16-090

- --------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS16-090 - Important 

Security Update for Windows Kernel-Mode Drivers (3171481)

Published: July 12, 2016

Version: 1.0

Executive Summary

This security update resolves vulnerabilities in Microsoft Windows. The more 
severe of the vulnerabilities could allow elevation of privilege if an 
attacker logs on to an affected system and runs a specially crafted 
application that could exploit the vulnerabilities and take control of an 
affected system.

This security update is rated Important for all supported releases of Windows.

Affected Software

Windows Vista

Windows Server 2008

Windows 7

Windows Server 2008 R2

Windows 8.1

Windows Server 2012

Windows Server 2012 R2

Windows RT 8.1

Windows 10

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core 
installation)

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core 
installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Vulnerability Information 

Multiple Win32k Elevation of Privilege Vulnerabilities

Elevation of privilege vulnerabilities exist when the Windows kernel-mode 
driver fails to properly handle objects in memory. An attacker who 
successfully exploited these vulnerabilities could run arbitrary code in 
kernel mode. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights.

To exploit these vulnerabilities, an attacker would first have to log on to 
the system. An attacker could then run a specially crafted application that 
could exploit the vulnerabilities and take control of an affected system. The
update addresses these vulnerabilities by correcting how the Windows 
kernel-mode driver handles objects in memory.

The following table contains links to the standard entry for each 
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title				CVE number	Publicly disclosed	Exploited

Win32k Elevation of Privilege Vulnerability	CVE-2016-3249	No			No

Win32k Elevation of Privilege Vulnerability	CVE-2016-3250	No			No

Win32k Elevation of Privilege Vulnerability	CVE-2016-3252	No			No

Win32k Elevation of Privilege Vulnerability	CVE-2016-3254	No			No

Win32k Elevation of Privilege Vulnerability	CVE-2016-3286	No			No

Win32k Information Disclosure Vulnerability - CVE-2016-3251

A Win32k information disclosure vulnerability exists when the Windows GDI 
component improperly discloses kernel memory addresses. An attacker who 
successfully exploited the vulnerability could obtain information to further 
compromise the users system.

To exploit this vulnerability, an attacker would have to log on to an affected
system and run a specially crafted application. The vulnerability would not 
allow an attacker to execute code or to elevate user rights directly, but it 
could be used to obtain information that could be used to try to further 
compromise the affected system. The security update addresses the 
vulnerability by correcting how the Windows GDI component handles objects in 
memory.

The following table contains links to the standard entry for each 
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title				CVE number	Publicly disclosed	Exploited

Win32k Information Disclosure Vulnerability	CVE-2016-3251	No			No

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV4WRVox+lLeg9Ub1AQhzfQ//ZbE/bmnl2N+5SkdVinI3xQbmsK18qv0M
01ACU9sLfdboYBMtvX+ekK0tSAYv9gjK7xkbHp7vKOjYv5G+p+IZdL0RDmYUeVH6
6nknTQ0TlmrryClJ03RrBa/WeBYqL0w/jmvMQY529bYwqtIaMHMLXRJ7PYxU4d4R
XWLbrCbTmXBQiqZS9UUipU+MOefV6ybGVa/yH0XnAWFzPrPf/qm0S+TeDpdlEkvv
2mpSHpMiadVKx1hOHZKy0FFEEzTX5vEnl4JJ6FIEncoyBvwAVYrDCANyEWu5d34E
klLAMauXErwWli1FJJKAQp3RHCT5ZiE19ztU1yVnE6tBBblCZizlUnC7bgGH+ksS
qZG2AfwHAdKPPX/JzBA8hd/ZDexNT1tBNBcofZ8SY1rJ02qo9AiDToebiu7jv958
PT0NtTFHS+WgpuGTOxOeuEmOpxUgWznVY0jaUsSIsJwSYJ8MVHeVFwRE7Gm1GXDA
fP0u/kUs89AKBepAZ6xU5BNQUJ0Lkx+W5fCo1G0arel8f+yUloufx0GKg6plOICD
4P+H7ey+sLyjfpVO8Y82nk62I1huz3GG+Hdr5/sb1iOIezwch5EVYkO45qIjBdHZ
10dhENMvJtuGUhBEKxzZM/FPcXhOh3Pd9oSxGd94s+06EzNShKhOdzoUuh+UO+KH
xr8Fv14GRkg=
=HMB6
-----END PGP SIGNATURE-----