Msrc Windows 10 For 32-Bit Systems vulnerabilities

CVE-2016-3302 [MEDIUM] Windows Lock Screen Elevation of Privilege Vulnerability Windows Lock Screen Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows improperly allows web content to load from the Windows lock screen. To exploit the vulnerability, an attacker with physical access to a user’s computer could either connect to a maliciously configured WiFi hotspot or insert a mobile broadband adaptor in the user’s computer. An attacker wh

CVE-2016-3346 [HIGH] Windows Permissions Enforcement Elevation of Privilege Vulnerability Windows Permissions Enforcement Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that Windows enforces permissions if an attacker loads a specially crafted DLL. A locally authenticated attacker who successfully exploited this vulnerability could run arbitrary code as a system administrator. An attacker could then install programs; view, change, or

CVE-2016-3344 [LOW] Windows Secure Kernel Mode Information Disclosure Vulnerability Windows Secure Kernel Mode Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows Secure Kernel Mode improperly handles objects in memory. A locally authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system. To exploit this vulnerability, an attacker could run a specially crafted app

CVE-2016-3369 [HIGH] Windows IPSec Denial of Service Vulnerability Windows IPSec Denial of Service Vulnerability Description: A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent auth

CVE-2016-3352 [HIGH] Windows Information Disclosure Vulnerability Windows Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows fails to properly validate NT LAN Manager (NTLM) Single Sign-On (SSO) requests during Microsoft Account (MSA) login sessions. An attacker who successfully exploited the vulnerability could attempt to brute force a user’s NTLM password hash. To exploit the vulnerability, an attacker would have to trick a user into

CVE-2016-3374 [MEDIUM] Microsoft Browser Information Disclosure Vulnerability Microsoft Browser Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to a

CVE-2016-3370 [MEDIUM] Microsoft Browser Information Disclosure Vulnerability Microsoft Browser Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to a

CVE-2016-3320 [MEDIUM] Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot manager that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device. Furthermore, the attacker could bypass Secure

CVE-2016-3319 [HIGH] Windows PDF Remote Code Execution Vulnerability Windows PDF Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the

CVE-2016-3312 [CRITICAL] Universal Outlook Information Disclosure Vulnerability Universal Outlook Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Universal Outlook fails to establish a secure connection. An attacker could use this vulnerability to obtain the username and password of a user. The update addresses the vulnerability by preventing Universal Outlook from disclosing usernames and passwords. ActiveSyncProvider: ActiveSyncProvider

CVE-2016-3250 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability,

CVE-2016-3258 [MEDIUM] Windows File System Security Feature Bypass Vulnerability Windows File System Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in the Windows kernel that could allow an attacker to exploit time of check time of use (TOCTOU) issues in file path-based checks from a low-integrity application. An attacker who successfully exploited this vulnerability could potentially modify files outside of a low-integrity level application. T

CVE-2016-3287 [MEDIUM] Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists when Windows Secure Boot improperly applies an affected policy. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device. In addition, an attacker could bypass the Secure Boot Integrity Validation for

CVE-2016-3272 [LOW] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle certain page fault system calls. An authenticated attacker who successfully exploited this vulnerability could disclose information from one process to another. To exploit the vulnerability, an attacker would have to either log on locally to an

CVE-2016-3256 [MEDIUM] Windows Secure Kernel Mode Information Disclosure Vulnerability Windows Secure Kernel Mode Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows Secure Kernel Mode improperly handles objects in memory. A locally authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system. To exploit this vulnerability, an attacker could run a specially crafted

CVE-2016-3203 [MEDIUM] Windows PDF Remote Code Execution Windows PDF Remote Code Execution Description: A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install program

CVE-2016-3201 [MEDIUM] Windows PDF Information Disclosure Vulnerability Windows PDF Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted PDF file. An attacker who successfully exploited the vulnerability could read memory in the context of the current user. To exploit the vulnerability, an attacker would have to trick the user into opening the PDF file. The update addresses the vulnerability b

CVE-2016-3230 [MEDIUM] Windows Search Denial of Service Vulnerability Windows Search Denial of Service Vulnerability Description: This vulnerability occurs when the Windows Search component fails to properly handle certain objects in memory. An attacker who successfully exploited this vulnerability could cause server performance to degrade sufficiently to cause a denial of service condition. To exploit this vulnerability, an attacker could use it to cause a denial of service attack and disrupt

CVE-2016-3219 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2016-3231 [HIGH] Windows Diagnostics Hub Elevation of Privilege Vulnerability Windows Diagnostics Hub Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install progra