ID CVE-2016-0117 Type cve Reporter cve@mitre.org Modified 2018-10-12T22:11:00
Description
The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows Remote Code Execution Vulnerability."
{"symantec": [{"lastseen": "2018-03-13T12:07:50", "bulletinFamily": "software", "cvelist": ["CVE-2016-0117"], "description": "### Description\n\nMicrosoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run the application with the minimal amount of privileges required for functionality.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2016-03-08T00:00:00", "published": "2016-03-08T00:00:00", "id": "SMNTC-84109", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/84109", "type": "symantec", "title": "Microsoft Windows PDF Library CVE-2016-0117 Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-06-10T19:48:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0118", "CVE-2016-0117"], "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS16-028", "modified": "2020-06-08T00:00:00", "published": "2016-03-09T00:00:00", "id": "OPENVAS:1361412562310807310", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807310", "type": "openvas", "title": "Microsoft Windows PDF Library Remote Code Execution Vulnerabilities (3143081)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows PDF Library Remote Code Execution Vulnerabilities (3143081)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807310\");\n script_version(\"2020-06-08T14:40:48+0000\");\n script_cve_id(\"CVE-2016-0117\", \"CVE-2016-0118\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 14:40:48 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-09 10:34:45 +0530 (Wed, 09 Mar 2016)\");\n script_name(\"Microsoft Windows PDF Library Remote Code Execution Vulnerabilities (3143081)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS16-028\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - The Microsoft Windows PDF Library when it improperly handles application\n programming interface (API) calls.\n\n - The remote code execution vulnerability exists in Microsoft Windows when\n a specially crafted file is opened in Windows Reader.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a\n remote attacker to cause arbitrary code to execute in the context of the\n current user, and also could gain the same user rights as the current user.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 x32/x64\n\n - Microsoft Windows Server 2012/2012R2\n\n - Microsoft Windows 10 x32/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3143081\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/ms16-028\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS16-028\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1, win2012R2:1, win8_1:1, win8_1x64:1,\n win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer1 = fetch_file_version(sysPath:sysPath, file_name:\"System32\\Glcndfilter.dll\");\ndllVer2 = fetch_file_version(sysPath:sysPath, file_name:\"System32\\Windows.data.pdf.dll\");\nif(!dllVer1 && !dllVer2){\n exit(0);\n}\n\nif(hotfix_check_sp(win2012:1) > 0 && dllVer1)\n{\n if(version_is_less(version:dllVer1, test_version:\"6.2.9200.17648\"))\n {\n Vulnerable_range = \"Less than 6.2.9200.17648\";\n VULN = TRUE ;\n }\n\n else if(version_in_range(version:dllVer1, test_version:\"6.2.9200.21000\", test_version2:\"6.2.9200.21765\"))\n {\n Vulnerable_range = \"6.2.9200.21000 - 6.2.9200.21765\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0 && dllVer1)\n{\n if(version_is_less(version:dllVer1, test_version:\"6.3.9600.18229\"))\n {\n Vulnerable_range = \"Less than 6.3.9600.18229\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win10:1, win10x64:1) > 0 && dllVer2)\n{\n if(version_is_less(version:dllVer2, test_version:\"10.0.10240.16724\"))\n {\n Vulnerable_range = \"Less than 10.0.10240.16724\";\n VULN2 = TRUE ;\n }\n else if(version_in_range(version:dllVer2, test_version:\"10.0.10586.0\", test_version2:\"10.0.10586.161\"))\n {\n Vulnerable_range = \"10.0.10586.0 - 10.0.10586.161\";\n VULN2 = TRUE ;\n }\n}\n\nif(VULN2)\n{\n report = 'File checked: ' + sysPath + \"\\system32\\windows.data.pdf.dll\"+ '\\n' +\n 'File version: ' + dllVer2 + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\system32\\Glcndfilter.dll\" + '\\n' +\n 'File version: ' + dllVer1 + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T05:43:47", "description": "The remote Windows host is missing a security update. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin the Windows PDF library. A remote attacker can exploit these, by\nconvincing user to open a specially crafted PDF file, to execute\narbitrary code in the context of the current user.", "edition": 28, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-03-08T00:00:00", "title": "MS16-028: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0118", "CVE-2016-0117"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS16-028.NASL", "href": "https://www.tenable.com/plugins/nessus/89751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89751);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2016-0117\", \"CVE-2016-0118\");\n script_bugtraq_id(84109, 84112);\n script_xref(name:\"MSFT\", value:\"MS16-028\");\n script_xref(name:\"MSKB\", value:\"3137513\");\n script_xref(name:\"MSKB\", value:\"3140745\");\n script_xref(name:\"MSKB\", value:\"3140768\");\n script_xref(name:\"IAVA\", value:\"2016-A-0066\");\n\n script_name(english:\"MS16-028: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081)\");\n script_summary(english:\"Checks the version of glcndfilter.dll and windows.data.pdf.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin the Windows PDF library. A remote attacker can exploit these, by\nconvincing user to open a specially crafted PDF file, to execute\narbitrary code in the context of the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-028\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, 2012\nR2, and 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0118\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-028';\nkbs = make_list('3137513', '3140745', '3140768');\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\n# Server Core 2012 R2 is listed as affected, however no update\n# is offered and the files in question do not exist in a close look\n# at a 2012 R2 core host.\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share))\n audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Server 2012\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"glcndfilter.dll\", version:\"6.2.9200.21766\", min_version:\"6.2.9200.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3137513\") ||\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"glcndfilter.dll\", version:\"6.2.9200.17648\", min_version:\"6.2.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3137513\") ||\n # Windows 8.1 / Server 2012 R2\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"windows.data.pdf.dll\", version:\"6.3.9600.18229\", min_version:\"6.3.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3137513\") ||\n # Windows 10\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"windows.data.pdf.dll\", version:\"10.0.10240.16724\", min_version:\"10.0.10240.0\", dir:\"\\system32\", bulletin:bulletin, kb:\"3140745\") ||\n # Windows 10 1511\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"windows.data.pdf.dll\", version:\"10.0.10586.162\", min_version:\"10.0.10586.0\", dir:\"\\system32\", bulletin:bulletin, kb:\"3140768\")\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:45:45", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-0118", "CVE-2016-0117"], "description": "<html><body><p>Resolves vulnerabilities in Windows that could allow remote code execution if a user opens a specially crafted .pdf file.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file.<br/><br/><br/><br/><br/>To learn more about the vulnerability, see <a href=\"https://technet.microsoft.com/library/security/ms16-028\" id=\"kb-link-2\" target=\"_self\">Microsoft Security Bulletin MS16-028</a>. </div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><span class=\"text-base\">Important </span><ul class=\"sbody-free_list\"><li>All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-3\" target=\"_self\">2919355</a> to be installed. We recommend that you install update <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-4\" target=\"_self\">2919355</a> on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates. </li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a>.<br/></li></ul></div><h2>Additional information about this security update</h2><div class=\"kb-moreinformation-section section\"><br/>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.<br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/help/3137513\" id=\"kb-link-6\" target=\"_self\">3137513</a> MS16-028: Description of the security update for Windows PDF Library: March 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3140745\" id=\"kb-link-7\" target=\"_self\">3140745</a> Cumulative Update for Windows 10: March 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3140768\" id=\"kb-link-8\" target=\"_self\">3140768</a> Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: March 8, 2016</li></ul></div><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"><a class=\"bookmark\" id=\"obtaintheupdate\"></a><h3 class=\"sbody-h3\">Method 1: Windows Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <br/><a href=\"https://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-10\" target=\"_self\">Get security updates automatically</a>.<br/><br/><span class=\"text-base\">Note</span> For Windows RT 8.1, this update is available through Windows Update only.<br/></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Method 2: Microsoft Download Center</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.<br/><br/>Click the download link in <a href=\"https://technet.microsoft.com/library/security/ms16-028\" id=\"kb-link-11\" target=\"_self\">Microsoft Security Bulletin MS16-028</a> that corresponds to the version of Windows that you are running. <br/> <br/><br/><br/></div><br/></span></div></div></div></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information<br/></span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">Windows 8.1 (all editions)</h4><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3137513-x86.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3137513-x64.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-12\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a system restart. If the required files are being used, this update will require a system restart. If this behavior occurs, you receive a message that advises you to restart your system.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3134214\" id=\"kb-link-13\" target=\"_self\">Microsoft Knowledge Base Article 3137513</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2012 and Windows Server 2012 R2 (all editions)</h4><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012:<br/><span class=\"text-base\">Windows8-RT-KB3137513-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012 R2:<br/><span class=\"text-base\">Windows8.1-KB3137513-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-14\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a system restart. If the required files are being used, this update will require a system restart. If this behavior occurs, you receive a message that advises you to restart your system.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3134214\" id=\"kb-link-15\" target=\"_self\">Microsoft Knowledge Base Article 3137513</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><br/><br/><h4 class=\"sbody-h4\">Windows RT 8.1 (all editions)</h4><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Deployment</span></td><td class=\"sbody-td\">These updates are available via <a href=\"http://go.microsoft.com/fwlink/?linkid=21130\" id=\"kb-link-16\" target=\"_self\">Windows Update</a> only.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart Requirement</span></td><td class=\"sbody-td\">Yes, you must restart your system after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal Information</span></td><td class=\"sbody-td\">Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File Information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3134214\" id=\"kb-link-17\" target=\"_self\">Microsoft Knowledge Base Article 3137513</a></td></tr></table></div><br/><br/><h4 class=\"sbody-h4\">Windows 10 (all editions)</h4><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 10:<br/><span class=\"text-base\">Windows10.0-KB3140745-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 10:<br/><span class=\"text-base\">Windows10.0-KB3140745-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 10 Version 1511:<br/><span class=\"text-base\">Windows10.0-KB3140768-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 10 Version 1511:<br/><span class=\"text-base\">Windows10.0-KB3140768-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-18\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a system restart. If the required files are being used, this update will require a system restart. If this behavior occurs, you receive a message that advises you to restart your system.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3140745\" id=\"kb-link-19\" target=\"_self\">Microsoft Knowledge Base Article 3140745</a><br/>See <a href=\"https://support.microsoft.com/help/3140768\" id=\"kb-link-20\" target=\"_self\">Microsoft Knowledge Base Article 3140768</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-21\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-22\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-23\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-24\" target=\"_self\">International Support</a></div><br/></span></div></div></div></div></body></html>", "edition": 3, "modified": "2016-03-08T18:32:36", "id": "KB3143081", "href": "https://support.microsoft.com/en-us/help/3143081/", "published": "2016-03-08T00:00:00", "title": "MS16-028: Security update for Microsoft Windows PDF Library to address remote code execution: March 8, 2016", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:43:42", "bulletinFamily": "info", "cvelist": ["CVE-2016-0099", "CVE-2016-0100", "CVE-2016-0121", "CVE-2016-0092", "CVE-2016-0101", "CVE-2016-0087", "CVE-2016-0093", "CVE-2016-0120", "CVE-2016-0118", "CVE-2016-0096", "CVE-2016-0095", "CVE-2016-0133", "CVE-2016-0098", "CVE-2016-0117", "CVE-2016-0091", "CVE-2016-0094"], "description": "### *Detect date*:\n03/08/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or gain privileges.\n\n### *Affected products*:\nMicrosoft Windows Vista Service Pack 2 \nMicrosoft Windows Server 2008 Service Pack 2 \nMicrosoft Windows 7 Service Pack 1 \nMicrosoft Windows Server 2008 R2 Service Pack 1 \nMicrosoft Windows 8.1 \nMicrosoft Windows 2012 \nMicrosoft Windows 2012 R2 \nMicrosoft Windows RT 8.1 \nMicrosoft Windows 10 \nMicrosoft Windows 10 Version 1511\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2016-0094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0094>) \n[CVE-2016-0095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0095>) \n[CVE-2016-0121](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0121>) \n[CVE-2016-0120](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0120>) \n[CVE-2016-0118](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0118>) \n[CVE-2016-0087](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0087>) \n[CVE-2016-0091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0091>) \n[CVE-2016-0092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0092>) \n[CVE-2016-0093](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0093>) \n[CVE-2016-0098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0098>) \n[CVE-2016-0096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0096>) \n[CVE-2016-0100](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0100>) \n[CVE-2016-0099](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0099>) \n[CVE-2016-0101](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0101>) \n[CVE-2016-0133](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0133>) \n[CVE-2016-0117](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0117>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Vista](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/>)\n\n### *CVE-IDS*:\n[CVE-2016-0094](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0094>)7.2High \n[CVE-2016-0095](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0095>)7.2High \n[CVE-2016-0121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0121>)9.3Critical \n[CVE-2016-0120](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0120>)7.1High \n[CVE-2016-0118](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0118>)9.3Critical \n[CVE-2016-0087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0087>)7.2High \n[CVE-2016-0091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0091>)6.8High \n[CVE-2016-0092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0092>)9.3Critical \n[CVE-2016-0093](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0093>)7.2High \n[CVE-2016-0098](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0098>)9.3Critical \n[CVE-2016-0096](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0096>)7.2High \n[CVE-2016-0100](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0100>)7.2High \n[CVE-2016-0099](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0099>)7.2High \n[CVE-2016-0101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0101>)9.3Critical \n[CVE-2016-0133](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0133>)7.2High \n[CVE-2016-0117](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0117>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3140768](<http://support.microsoft.com/kb/3140768>) \n[3140745](<http://support.microsoft.com/kb/3140745>) \n[3139398](<http://support.microsoft.com/kb/3139398>) \n[3139940](<http://support.microsoft.com/kb/3139940>) \n[3140709](<http://support.microsoft.com/kb/3140709>) \n[3143136](<http://support.microsoft.com/kb/3143136>) \n[3138962](<http://support.microsoft.com/kb/3138962>) \n[3139914](<http://support.microsoft.com/kb/3139914>) \n[3140735](<http://support.microsoft.com/kb/3140735>) \n[3143145](<http://support.microsoft.com/kb/3143145>) \n[3143146](<http://support.microsoft.com/kb/3143146>) \n[3140410](<http://support.microsoft.com/kb/3140410>) \n[3143141](<http://support.microsoft.com/kb/3143141>) \n[3143142](<http://support.microsoft.com/kb/3143142>) \n[3143081](<http://support.microsoft.com/kb/3143081>) \n[3139852](<http://support.microsoft.com/kb/3139852>) \n[3137513](<http://support.microsoft.com/kb/3137513>) \n[3143148](<http://support.microsoft.com/kb/3143148>) \n[3138910](<http://support.microsoft.com/kb/3138910>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 41, "modified": "2020-06-18T00:00:00", "published": "2016-03-08T00:00:00", "id": "KLA10769", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10769", "title": "\r KLA10769Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
