Msrc Windows 10 Version 1511 vulnerabilities

CVE-2016-7214 [LOW] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would hav

CVE-2016-7221 [HIGH] Windows IME Elevation of Privilege Vulnerability Windows IME Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Microsoft Windows when Windows Input Method Editor (IME) improperly handles DLL loading. There is no impact without IME present. To exploit this vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses this vulnerability by correcting how Windows IME lo

CVE-2016-7238 [HIGH] Windows NTLM Elevation of Privilege Vulnerability Windows NTLM Elevation of Privilege Vulnerability Description: A local elevation of privilege vulnerability exists when Windows fails to properly handle NTLM password change requests. An attacker who successfully exploited this vulnerability could elevate the attacker's permissions from unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts. T

CVE-2016-7210 [MEDIUM] Open Type Font Information Disclosure Vulnerability Open Type Font Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Adobe Type Manager Font Driver improperly handles specially crafted OpenType fonts. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a use

CVE-2016-0026 [HIGH] Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to th

CVE-2016-7237 [MEDIUM] Local Security Authority Subsystem Service Denial of Service Vulnerability Local Security Authority Subsystem Service Denial of Service Vulnerability Description: A denial of service vulnerability exists in the Windows Local Security Authority Subsystem Service (LSASS). A remote, but authenticated, attacker who successfully exploited this vulnerability could cause the target system to become nonresponsive. To exploit the vulnerability, a remote attacker would first have t

CVE-2016-7184 [HIGH] Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to th

CVE-2016-7218 [MEDIUM] Windows Bowser.sys Information Disclosure Vulnerability Windows Bowser.sys Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory to which they should not have access. To exploit this vulnerability, an authenticated attack

CVE-2016-3263 [MEDIUM] GDI+ Information Disclosure Vulnerability GDI+ Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. An attacker who successfully exploited this vulnerability could use the retrieved information to circumvent Address Space Layout Randomization (ASLR) in Windows, which helps gu

CVE-2016-3396 [HIGH] GDI+ Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to

CVE-2016-0070 [MEDIUM] Windows Kernel Local Elevation of Privilege Vulnerability Windows Kernel Local Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user. A locally authenticated attacker could exploit this vulnerability b

CVE-2016-3266 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2016-7182 [CRITICAL] Graphics Component Font Parsing Elevation of Privilege Vulnerability Graphics Component Font Parsing Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts

CVE-2016-3376 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2016-3393 [HIGH] GDI+ Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are conf

CVE-2016-7185 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2016-7211 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2016-3270 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2016-3262 [MEDIUM] GDI+ Information Disclosure Vulnerability GDI+ Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. An attacker who successfully exploited this vulnerability could use the retrieved information to circumvent Address Space Layout Randomization (ASLR) in Windows, which helps gu

CVE-2016-3306 [HIGH] Windows Session Object Elevation of Privilege Vulnerability Windows Session Object Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the way that Windows handles session objects. A locally authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit the vulnerability, the attacker could run a specially crafted application. The security update corrects how Windows ha