Msrc Windows 10 For X64-Based Systems vulnerabilities

CVE-2016-3341 [HIGH] Windows Transaction Manager Elevation of Privilege Vulnerability Windows Transaction Manager Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted applica

CVE-2016-0079 [MEDIUM] Windows Kernel Local Elevation of Privilege Vulnerability Windows Kernel Local Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user. A locally authenticated attacker could exploit this vulnerability b

CVE-2016-7188 [HIGH] Windows Diagnostics Hub Elevation of Privilege Vulnerability Windows Diagnostics Hub Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install progra

CVE-2016-0075 [MEDIUM] Windows Kernel Local Elevation of Privilege Vulnerability Windows Kernel Local Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user. A locally authenticated attacker could exploit this vulnerability b

CVE-2016-3349 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2016-3302 [MEDIUM] Windows Lock Screen Elevation of Privilege Vulnerability Windows Lock Screen Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows improperly allows web content to load from the Windows lock screen. To exploit the vulnerability, an attacker with physical access to a user’s computer could either connect to a maliciously configured WiFi hotspot or insert a mobile broadband adaptor in the user’s computer. An attacker wh

CVE-2016-3346 [HIGH] Windows Permissions Enforcement Elevation of Privilege Vulnerability Windows Permissions Enforcement Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that Windows enforces permissions if an attacker loads a specially crafted DLL. A locally authenticated attacker who successfully exploited this vulnerability could run arbitrary code as a system administrator. An attacker could then install programs; view, change, or

CVE-2016-3344 [LOW] Windows Secure Kernel Mode Information Disclosure Vulnerability Windows Secure Kernel Mode Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows Secure Kernel Mode improperly handles objects in memory. A locally authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system. To exploit this vulnerability, an attacker could run a specially crafted app

CVE-2016-3369 [HIGH] Windows IPSec Denial of Service Vulnerability Windows IPSec Denial of Service Vulnerability Description: A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent auth

CVE-2016-3352 [HIGH] Windows Information Disclosure Vulnerability Windows Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows fails to properly validate NT LAN Manager (NTLM) Single Sign-On (SSO) requests during Microsoft Account (MSA) login sessions. An attacker who successfully exploited the vulnerability could attempt to brute force a user’s NTLM password hash. To exploit the vulnerability, an attacker would have to trick a user into

CVE-2016-3374 [MEDIUM] Microsoft Browser Information Disclosure Vulnerability Microsoft Browser Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to a

CVE-2016-3370 [MEDIUM] Microsoft Browser Information Disclosure Vulnerability Microsoft Browser Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to a

CVE-2016-3320 [MEDIUM] Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot manager that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device. Furthermore, the attacker could bypass Secure

CVE-2016-3319 [HIGH] Windows PDF Remote Code Execution Vulnerability Windows PDF Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the

CVE-2016-3312 [CRITICAL] Universal Outlook Information Disclosure Vulnerability Universal Outlook Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Universal Outlook fails to establish a secure connection. An attacker could use this vulnerability to obtain the username and password of a user. The update addresses the vulnerability by preventing Universal Outlook from disclosing usernames and passwords. ActiveSyncProvider: ActiveSyncProvider

CVE-2016-3250 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability,

CVE-2016-3258 [MEDIUM] Windows File System Security Feature Bypass Vulnerability Windows File System Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists in the Windows kernel that could allow an attacker to exploit time of check time of use (TOCTOU) issues in file path-based checks from a low-integrity application. An attacker who successfully exploited this vulnerability could potentially modify files outside of a low-integrity level application. T

CVE-2016-3287 [MEDIUM] Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists when Windows Secure Boot improperly applies an affected policy. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device. In addition, an attacker could bypass the Secure Boot Integrity Validation for

CVE-2016-3272 [LOW] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle certain page fault system calls. An authenticated attacker who successfully exploited this vulnerability could disclose information from one process to another. To exploit the vulnerability, an attacker would have to either log on locally to an

CVE-2016-3256 [MEDIUM] Windows Secure Kernel Mode Information Disclosure Vulnerability Windows Secure Kernel Mode Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows Secure Kernel Mode improperly handles objects in memory. A locally authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system. To exploit this vulnerability, an attacker could run a specially crafted