Msrc Windows 8.1 For X64-Based Systems vulnerabilities

CVE-2017-0096 [LOW] Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose m

CVE-2017-0057 [MEDIUM] Windows DNS Query Information Disclosure Vulnerability Windows DNS Query Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows dnsclient fails to properly handle requests. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability: If the target is a workstation, the attacker could conv

CVE-2016-7248 [HIGH] Microsoft Video Control Remote Code Execution Vulnerability Microsoft Video Control Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affec

CVE-2016-7246 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2016-7205 [HIGH] Windows Animation Manager Memory Corruption Vulnerability Windows Animation Manager Memory Corruption Vulnerability Description: A remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could exploit the vulnerability by convincing a user to visit

CVE-2016-7223 [MEDIUM] VHD Driver Elevation of Privilege Vulnerability VHD Driver Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user. To exploit the vulnerability, an attacker would need access to the local system and the a

CVE-2016-7224 [MEDIUM] VHD Driver Elevation of Privilege Vulnerability VHD Driver Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user. To exploit the vulnerability, an attacker would need access to the local system and the a

CVE-2016-7247 [HIGH] Secure Boot Component Security Feature Bypass Vulnerability Secure Boot Component Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot policy that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device. To exploit the vulnerability

CVE-2016-7217 [HIGH] Media Foundation Memory Corruption Vulnerability Media Foundation Memory Corruption Vulnerability Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to

CVE-2016-0142 [HIGH] Microsoft Video Control Remote Code Execution Vulnerability Microsoft Video Control Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affec

CVE-2016-0073 [MEDIUM] Windows Kernel Local Elevation of Privilege Vulnerability Windows Kernel Local Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user. A locally authenticated attacker could exploit this vulnerability b

CVE-2016-3341 [HIGH] Windows Transaction Manager Elevation of Privilege Vulnerability Windows Transaction Manager Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted applica

CVE-2016-0075 [MEDIUM] Windows Kernel Local Elevation of Privilege Vulnerability Windows Kernel Local Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user. A locally authenticated attacker could exploit this vulnerability b

CVE-2016-3349 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2016-3302 [MEDIUM] Windows Lock Screen Elevation of Privilege Vulnerability Windows Lock Screen Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Windows improperly allows web content to load from the Windows lock screen. To exploit the vulnerability, an attacker with physical access to a user’s computer could either connect to a maliciously configured WiFi hotspot or insert a mobile broadband adaptor in the user’s computer. An attacker wh

CVE-2016-3352 [HIGH] Windows Information Disclosure Vulnerability Windows Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Windows fails to properly validate NT LAN Manager (NTLM) Single Sign-On (SSO) requests during Microsoft Account (MSA) login sessions. An attacker who successfully exploited the vulnerability could attempt to brute force a user’s NTLM password hash. To exploit the vulnerability, an attacker would have to trick a user into

CVE-2016-3374 [MEDIUM] Microsoft Browser Information Disclosure Vulnerability Microsoft Browser Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to a

CVE-2016-3370 [MEDIUM] Microsoft Browser Information Disclosure Vulnerability Microsoft Browser Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to a

CVE-2016-3320 [MEDIUM] Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability Description: A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot manager that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device. Furthermore, the attacker could bypass Secure

CVE-2016-3319 [HIGH] Windows PDF Remote Code Execution Vulnerability Windows PDF Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the