Msrc Windows 10 For X64-Based Systems vulnerabilities

CVE-2017-0118 [MEDIUM] Windows Uniscribe Information Disclosure Vulnerability Windows Uniscribe Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a spe

CVE-2017-0076 [MEDIUM] Hyper-V Denial of Service Vulnerability Hyper-V Denial of Service Vulnerability Description: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host mac

CVE-2017-0096 [LOW] Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose m

CVE-2017-0057 [MEDIUM] Windows DNS Query Information Disclosure Vulnerability Windows DNS Query Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows dnsclient fails to properly handle requests. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability: If the target is a workstation, the attacker could conv

CVE-2016-7273 [HIGH] Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. User

CVE-2016-7271 [HIGH] Windows Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL). The security up

CVE-2016-7258 [MEDIUM] Windows Kernel Memory Information Disclosure Vulnerability Windows Kernel Memory Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle certain page fault system calls. An authenticated attacker who successfully exploited the vulnerability could disclose information from one process to another. To exploit the vulnerability, an attacker would have to either log o

CVE-2016-7248 [HIGH] Microsoft Video Control Remote Code Execution Vulnerability Microsoft Video Control Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affec

CVE-2016-7246 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2016-7205 [HIGH] Windows Animation Manager Memory Corruption Vulnerability Windows Animation Manager Memory Corruption Vulnerability Description: A remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could exploit the vulnerability by convincing a user to visit

CVE-2016-7223 [MEDIUM] VHD Driver Elevation of Privilege Vulnerability VHD Driver Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user. To exploit the vulnerability, an attacker would need access to the local system and the a

CVE-2016-7225 [MEDIUM] VHD Driver Elevation of Privilege Vulnerability VHD Driver Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user. To exploit the vulnerability, an attacker would need access to the local system and the a

CVE-2016-7220 [LOW] Virtual Secure Mode Information Disclosure Vulnerability Virtual Secure Mode Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows Virtual Secure Mode improperly handles objects in memory. A locally authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system. To exploit the vulnerability, an attacker could run a specially crafted application on th

CVE-2016-7224 [MEDIUM] VHD Driver Elevation of Privilege Vulnerability VHD Driver Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user. To exploit the vulnerability, an attacker would need access to the local system and the a

CVE-2016-7222 [HIGH] Task Scheduler Elevation of Privilege Vulnerability Task Scheduler Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Task Scheduler when a user creates a task that uses UNC paths. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. To exploit the vulnerability, a locally authenticated attacker could use Windows Task Scheduler to schedule a new task with a specia

CVE-2016-7226 [MEDIUM] VHD Driver Elevation of Privilege Vulnerability VHD Driver Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user. To exploit the vulnerability, an attacker would need access to the local system and the a

CVE-2016-7247 [HIGH] Secure Boot Component Security Feature Bypass Vulnerability Secure Boot Component Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot policy that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device. To exploit the vulnerability

CVE-2016-7217 [HIGH] Media Foundation Memory Corruption Vulnerability Media Foundation Memory Corruption Vulnerability Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to

CVE-2016-0142 [HIGH] Microsoft Video Control Remote Code Execution Vulnerability Microsoft Video Control Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affec

CVE-2016-0073 [MEDIUM] Windows Kernel Local Elevation of Privilege Vulnerability Windows Kernel Local Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user. A locally authenticated attacker could exploit this vulnerability b