===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1720
    MS16-092 - Important: Security Update for Windows Kernel (3171910)
                               13 July 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Windows
Publisher:         Microsoft
Operating System:  Windows 8.1
                   Windows RT 8.1
                   Windows Server 2012
                   Windows Server 2012 R2
                   Windows 10
Impact/Access:     Modify Arbitrary Files   -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-3272 CVE-2016-3258 

Original Bulletin: 
   https://technet.microsoft.com/en-us/library/security/MS16-092

--------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS16-092 - Important 

Security Update for Secure Boot (3177404)

Published: July 12, 2016

Version: 1.0

Executive Summary

This security update resolves vulnerabilities in Microsoft Windows. The most 
severe of the vulnerabilities could allow security feature bypass if the 
Windows kernel fails to determine how a low integrity application can use 
certain object manager features.

This security update is rated Important for all supported releases of 
Microsoft Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT
8.1, and Windows 10.

Affected Software

Windows 8.1

Windows Server 2012

Windows Server 2012 R2

Windows RT 8.1

Windows 10

Windows Server 2012 (Server Core Installation)

Windows Server 2012 R2 (Server Core Installation)

Vulnerability Information 

Windows File System Security Feature Bypass CVE-2016-3258

A security feature bypass vulnerability exists in the Windows kernel that 
could allow an attacker to exploit time of check time of use (TOCTOU) issues 
in file path-based checks from a low integrity application. An attacker who 
successfully exploited this vulnerability could potentially modify files 
outside of a low integrity level application.

To exploit the vulnerability, an attacker would need to take advantage of 
another vulnerability to compromise the sandbox process from a low integrity 
application. The security update addresses the vulnerability by adding a 
validation check on how a low integrity application can use certain object 
manager features.

The following table contains links to the standard entry for each 
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title                          CVE number     Publicly disclosed  Exploited

Windows File System Security Feature Bypass  CVE-2016-3258  No                  No

Windows Kernel Information Disclosure Vulnerability CVE-2016-3272

An information disclosure vulnerability exists in Microsoft Windows when the 
Windows kernel fails to properly handle certain page fault system calls. An 
authenticated attacker who successfully exploited this vulnerability could 
disclose information from one process to another.

To exploit the vulnerability, an attacker would have to either log on locally
to an affected system, or convince a locally authenticated user to execute a 
specially crafted application. The update addresses this vulnerability by 
correcting how the Windows kernel handles certain page fault system calls.

The following table contains links to the standard entry for each 
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title                                  CVE number     Publicly disclosed  Exploited

Windows Kernel Information Disclosure Vulnerability  CVE-2016-3272  Yes                 No

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================