Cumulative update for Windows 10: November 8, 2016
2016-11-08T00:00:00
ID KB3198585 Type mskb Reporter Microsoft Modified 2016-12-21T02:22:46
Description
<html><body><p>Describes a security update that includes improvements and fixes in the functionality of Windows 10.</p><h2>Summary</h2><div class="kb-summary-section section">This security update includes <a href="https://support.microsoft.com/en-us/help/12387/windows-10-update-history" id="kb-link-1" target="_self">improvements and fixes</a> in the functionality of Windows 10. It also resolves the following vulnerabilities in Windows:<br/><br/><ul class="sbody-free_list"><li><a href="https://support.microsoft.com/help/3198467" id="kb-link-2" target="_self">3198467</a> MS16-142: Cumulative security update for Internet Explorer: November 8, 2016</li><li><a href="https://support.microsoft.com/help/3193479" id="kb-link-3" target="_self">3193479</a> MS16-140: Security update for Boot Manager: November 8, 2016</li><li><a href="https://support.microsoft.com/help/3199647" id="kb-link-4" target="_self">3199647</a> MS16-138: Security update to Microsoft virtual hard drive: November 8, 2016</li><li><a href="https://support.microsoft.com/help/3199173" id="kb-link-5" target="_self">3199173</a> MS16-137: Security update for Windows authentication methods: November 8, 2016</li><li><a href="https://support.microsoft.com/help/3199135" id="kb-link-6" target="_self">3199135</a> MS16-135: Security update for kernel-mode drivers: November 8, 2016</li><li><a href="https://support.microsoft.com/help/3193706" id="kb-link-7" target="_self">3193706</a> MS16-134: Security update for common log file system driver: November 8, 2016</li><li><a href="https://support.microsoft.com/help/3199120" id="kb-link-8" target="_self">3199120</a> MS16-132: Security update for Microsoft graphics component: November 8, 2016</li><li><a href="https://support.microsoft.com/help/3199151" id="kb-link-9" target="_self">3199151</a> MS16-131: Security update for Microsoft video control: November 8, 2016</li><li><a href="https://support.microsoft.com/help/3199172" id="kb-link-10" target="_self">3199172</a> MS16-130: Security update for Microsoft Windows: November 8, 2016</li><li><a href="https://support.microsoft.com/help/3199057" id="kb-link-11" target="_self">3199057</a> MS16-129: Cumulative security update for Microsoft Edge: November 8, 2016</li></ul>Windows 10 updates are cumulative. Therefore, this package contains all previously released fixes.<br/><br/>If you have installed previous updates, only the new fixes that are contained in this package will be downloaded and installed to your computer. If you are installing a Windows 10 update package for the first time, the package for the <strong class="sbody-strong">x</strong>86 version is 487 MB and the package for the <strong class="sbody-strong">x</strong>64 version is 1030 MB.</div><h2>Known issue in this update</h2><div class="kb-symptoms-section section">When you change the password for a local account on a Windows 10 Version 1507 computer with update 3198585 installed, the computer will hang at "Changing Password." The password is successfully changed, and when this happens you will need to restart the computer and log in with the new password. </div><h2>How to get this update</h2><div class="kb-moreinformation-section section"><h3 class="sbody-h3">Method 1: Windows Update</h3>This update will be downloaded and installed automatically.<br/><h3 class="sbody-h3">Method 2: Microsoft Update Catalog</h3>To get the stand-alone package for this update, go to the <a href="http://www.catalog.update.microsoft.com/search.aspx?q=kb3198585" id="kb-link-12" target="_self">Microsoft Update Catalog</a> website.<br/><h3 class="sbody-h3">Prerequisites</h3>There are no prerequisites for installing this update.<br/><h3 class="sbody-h3">Restart information</h3>You have to restart the computer after you apply this update. <br/><h3 class="sbody-h3">Update replacement information</h3>This update replaces the previously released update, <a href="https://support.microsoft.com/help/3199125" id="kb-link-13" target="_self">3199125</a>.</div><h2>File Information</h2><div class="kb-resolution-section section">For a list of the files that are provided in this cumulative update, download the <a href="http://download.microsoft.com/download/8/b/d/8bd9da20-497b-4c26-990f-89af2874b6cf/3198585.csv" id="kb-link-14" target="_self">file information for cumulative update 3198585</a>.</div><h2>References</h2><div class="kb-references-section section"> Learn about the <a href="https://support.microsoft.com/help/824684" id="kb-link-15" target="_self">terminology</a> that Microsoft uses to describe software updates.<br/></div></body></html>
{"id": "KB3198585", "bulletinFamily": "microsoft", "title": "Cumulative update for Windows 10: November 8, 2016", "description": "<html><body><p>Describes a security update that includes improvements and fixes in the functionality of Windows 10.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update includes <a href=\"https://support.microsoft.com/en-us/help/12387/windows-10-update-history\" id=\"kb-link-1\" target=\"_self\">improvements and fixes</a> in the functionality of Windows 10. It also resolves the following vulnerabilities in Windows:<br/><br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/help/3198467\" id=\"kb-link-2\" target=\"_self\">3198467</a> MS16-142: Cumulative security update for Internet Explorer: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3193479\" id=\"kb-link-3\" target=\"_self\">3193479</a> MS16-140: Security update for Boot Manager: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199647\" id=\"kb-link-4\" target=\"_self\">3199647</a> MS16-138: Security update to Microsoft virtual hard drive: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199173\" id=\"kb-link-5\" target=\"_self\">3199173</a> MS16-137: Security update for Windows authentication methods: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199135\" id=\"kb-link-6\" target=\"_self\">3199135</a> MS16-135: Security update for kernel-mode drivers: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3193706\" id=\"kb-link-7\" target=\"_self\">3193706</a> MS16-134: Security update for common log file system driver: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199120\" id=\"kb-link-8\" target=\"_self\">3199120</a> MS16-132: Security update for Microsoft graphics component: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199151\" id=\"kb-link-9\" target=\"_self\">3199151</a> MS16-131: Security update for Microsoft video control: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199172\" id=\"kb-link-10\" target=\"_self\">3199172</a> MS16-130: Security update for Microsoft Windows: November 8, 2016</li><li><a href=\"https://support.microsoft.com/help/3199057\" id=\"kb-link-11\" target=\"_self\">3199057</a> MS16-129: Cumulative security update for Microsoft Edge: November 8, 2016</li></ul>Windows 10 updates are cumulative. Therefore, this package contains all previously released fixes.<br/><br/>If you have installed previous updates, only the new fixes that are contained in this package will be downloaded and installed to your computer. If you are installing a Windows 10 update package for the first time, the package for the <strong class=\"sbody-strong\">x</strong>86 version is 487 MB and the package for the <strong class=\"sbody-strong\">x</strong>64 version is 1030 MB.</div><h2>Known issue in this update</h2><div class=\"kb-symptoms-section section\">When you change the password for a local account on a Windows 10 Version 1507 computer with update 3198585 installed, the computer will hang at \"Changing Password.\" The password is successfully changed, and when this happens you will need to restart the computer and log in with the new password. </div><h2>How to get this update</h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Method 1: Windows Update</h3>This update will be downloaded and installed automatically.<br/><h3 class=\"sbody-h3\">Method 2: Microsoft Update Catalog</h3>To get the stand-alone package for this update, go to the <a href=\"http://www.catalog.update.microsoft.com/search.aspx?q=kb3198585\" id=\"kb-link-12\" target=\"_self\">Microsoft Update Catalog</a> website.<br/><h3 class=\"sbody-h3\">Prerequisites</h3>There are no prerequisites for installing this update.<br/><h3 class=\"sbody-h3\">Restart information</h3>You have to restart the computer after you apply this update. <br/><h3 class=\"sbody-h3\">Update replacement information</h3>This update replaces the previously released update, <a href=\"https://support.microsoft.com/help/3199125\" id=\"kb-link-13\" target=\"_self\">3199125</a>.</div><h2>File Information</h2><div class=\"kb-resolution-section section\">For a list of the files that are provided in this cumulative update, download the <a href=\"http://download.microsoft.com/download/8/b/d/8bd9da20-497b-4c26-990f-89af2874b6cf/3198585.csv\" id=\"kb-link-14\" target=\"_self\">file information for cumulative update 3198585</a>.</div><h2>References</h2><div class=\"kb-references-section section\"> Learn about the <a href=\"https://support.microsoft.com/help/824684\" id=\"kb-link-15\" target=\"_self\">terminology</a> that Microsoft uses to describe software updates.<br/></div></body></html>", "published": "2016-11-08T00:00:00", "modified": "2016-12-21T02:22:46", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://support.microsoft.com/en-us/help/3198585/", "reporter": "Microsoft", "references": [], "cvelist": [], "type": "mskb", "lastseen": "2021-01-01T22:49:40", "edition": 62, "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2016-7224", "MS:CVE-2016-7184", "MS:CVE-2016-7221", "MS:CVE-2016-3333", "MS:CVE-2016-7198", "MS:CVE-2016-7256", "MS:CVE-2016-0026", "MS:CVE-2016-7196", "MS:CVE-2016-7241", "MS:CVE-2016-3332"]}], "modified": "2021-01-01T22:49:40", "rev": 2}, "score": {"value": 1.7, "vector": "NONE", "modified": "2021-01-01T22:49:40", "rev": 2}, "vulnersScore": 1.7}, "kb": "KB3198585", "msrc": "MS16-142", "mscve": "", "msfamily": "", "msplatform": "", "msproducts": ["18472"], "supportAreaPaths": ["c6cab6e3-6598-6a1f-fbb2-f66d3740139d"], "supportAreaPathNodes": [{"id": "c6cab6e3-6598-6a1f-fbb2-f66d3740139d", "name": "Windows 10", "parent": "6ae59d69-36fc-8e4d-23dd-631d98bf74a9", "tree": [], "type": "productversion"}], "primarySupportAreaPath": [{"id": "c6cab6e3-6598-6a1f-fbb2-f66d3740139d", "name": "Windows 10", "parent": "6ae59d69-36fc-8e4d-23dd-631d98bf74a9", "tree": [], "type": "productversion"}, {"id": "1267d68d-d9f7-6020-0726-166b153ccbeb", "name": "Windows", "tree": [], "type": "productfamily"}, {"id": "6ae59d69-36fc-8e4d-23dd-631d98bf74a9", "name": "Windows 10", "parent": "1267d68d-d9f7-6020-0726-166b153ccbeb", "tree": [], "type": "productname"}], "superseeds": [], "parentseeds": [], "msimpact": "", "msseverity": "", "scheme": null}
{"mscve": [{"lastseen": "2020-08-07T11:48:16", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7215"], "description": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\n\nThe update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n", "edition": 3, "modified": "2016-12-13T08:00:00", "id": "MS:CVE-2016-7215", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7215", "published": "2016-12-13T08:00:00", "title": "Win32k Elevation of Privilege Vulnerability", "type": "mscve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:45:28", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7202"], "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 5, "modified": "2016-12-13T08:00:00", "id": "MS:CVE-2016-7202", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7202", "published": "2016-12-13T08:00:00", "title": "Scripting Engine Memory Corruption Vulnerability", "type": "mscve", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:48:17", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-3334"], "description": "An elevation of privilege vulnerability exists when the [Windows Common Log File System (CLFS)](<https://technet.microsoft.com/library/security/dn848375.aspx#CLFS>) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\n\nTo exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.\n\nThe security update addresses the vulnerability by correcting how CLFS handles objects in memory.\n", "edition": 3, "modified": "2016-12-13T08:00:00", "id": "MS:CVE-2016-3334", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3334", "published": "2016-12-13T08:00:00", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "type": "mscve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:48:23", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7241"], "description": "A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.\n\nThe security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.\n", "edition": 4, "modified": "2016-12-13T08:00:00", "id": "MS:CVE-2016-7241", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7241", "published": "2016-12-13T08:00:00", "title": "Microsoft Browser Memory Corruption Vulnerability", "type": "mscve", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:45:32", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-0026"], "description": "An elevation of privilege vulnerability exists when the [Windows Common Log File System (CLFS)](<https://technet.microsoft.com/library/security/dn848375.aspx#CLFS>) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\n\nTo exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.\n\nThe security update addresses the vulnerability by correcting how CLFS handles objects in memory.\n", "edition": 3, "modified": "2016-12-13T08:00:00", "id": "MS:CVE-2016-0026", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0026", "published": "2016-12-13T08:00:00", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "type": "mscve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:48:22", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7221"], "description": "An elevation of privilege vulnerability exists in Microsoft Windows when Windows Input Method Editor (IME) improperly handles DLL loading. There is no impact without IME present.\n\nTo exploit this vulnerability, a locally authenticated attacker could run a specially crafted application.\n\nThe security update addresses this vulnerability by correcting how Windows IME loads DLLs.\n", "edition": 3, "modified": "2016-12-13T08:00:00", "id": "MS:CVE-2016-7221", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7221", "published": "2016-12-13T08:00:00", "title": "Windows IME Elevation of Privilege Vulnerability", "type": "mscve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:45:35", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-3342"], "description": "An elevation of privilege vulnerability exists when the [Windows Common Log File System (CLFS)](<https://technet.microsoft.com/library/security/dn848375.aspx#CLFS>) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\n\nTo exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.\n\nThe security update addresses the vulnerability by correcting how CLFS handles objects in memory.\n", "edition": 3, "modified": "2016-12-13T08:00:00", "id": "MS:CVE-2016-3342", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3342", "published": "2016-12-13T08:00:00", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "type": "mscve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:48:23", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7255"], "description": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\n\nThe update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n", "edition": 3, "modified": "2016-12-13T08:00:00", "id": "MS:CVE-2016-7255", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7255", "published": "2016-12-13T08:00:00", "title": "Win32k Elevation of Privilege Vulnerability", "type": "mscve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:48:29", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7256"], "description": "A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nThere are multiple ways an attacker could exploit the vulnerability:\n\n * In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email.\n * In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file.\n\nThe security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.\n\n**Rename ATMFD.DLL** For 32-bit systems:\n\n 1. Enter the following commands at an administrative command prompt: cd "%windir%\\system32" takeown.exe /f atmfd.dll icacls.exe atmfd.dll /save atmfd.dll.acl icacls.exe atmfd.dll /grant Administrators:(F) rename atmfd.dll x-atmfd.dll\n 2. Restart the system.\n\nFor 64-bit systems:\n\n 1. Enter the following commands at an administrative command prompt: cd "%windir%\\system32" takeown.exe /f atmfd.dll icacls.exe atmfd.dll /save atmfd.dll.acl icacls.exe atmfd.dll /grant Administrators:(F) rename atmfd.dll x-atmfd.dll cd "%windir%\\syswow64" takeown.exe /f atmfd.dll icacls.exe atmfd.dll /save atmfd.dll.acl icacls.exe atmfd.dll /grant Administrators:(F) rename atmfd.dll x-atmfd.dll\n 2. Restart the system.\n\n**Optional procedure for Windows 8 and later operating systems (disable ATMFD):** **Note** Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.\n\n**Method 1 (manually edit the system registry):**\n\n 1. Run **regedit.exe** as Administrator.\n 2. In Registry Editor, navigate to the following sub key (or create it) and set its DWORD value to 1: `HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DisableATMFD, DWORD = 1`\n 3. Close Registry Editor and restart the system.\n\n**Method 2 (use a managed deployment script):**\n\n 1. Create a text file named ATMFD-disable.reg that contains the following text:\n \n \n \tWindows Registry Editor Version 5.00\n \t[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows]\n \t\"DisableATMFD\"=dword:00000001\n \n\n 3. Run regedit.exe.\n 4. In Registry Editor, click the **File** menu and then click **Import**.\n 5. Navigate to and select the ATMFD-disable.reg file that you created in the first step. (**Note** If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog\u2019s file extension parameters to **All Files**).\n 6. Click **Open** and then click **OK** to close Registry Editor.\n\n**Impact of workaround**. Applications that rely on embedded font technology will not display properly. Disabling ATMFD.DLL could cause certain applications to stop working properly if they use OpenType fonts. Microsoft Windows does not release any OpenType fonts natively. However, third-party applications could install them and they could be affected by this change.\n\n**How to undo the workaround.** For 32-bit systems:\n\n 1. Enter the following commands at an administrative command prompt:\n \n \n \tcd \"%windir%\\system32\"\n \trename x-atmfd.dll atmfd.dll\n \ticacls.exe atmfd.dll /setowner \"NT SERVICE\\TrustedInstaller\"\n \ticacls.exe . /restore atmfd.dll.acl\n \n\n 2. Restart the system.\n\nFor 64-bit systems:\n\n 1. Enter the following commands at an administrative command prompt:\n \n \n \tcd \"%windir%\\system32\"\n \trename x-atmfd.dll atmfd.dll\n \ticacls.exe atmfd.dll /setowner \"NT SERVICE\\TrustedInstaller\"\n \ticacls.exe . /restore atmfd.dll.acl\n \tcd \"%windir%\\syswow64\"\n \trename x-atmfd.dll atmfd.dll\n \ticacls.exe atmfd.dll /setowner \"NT SERVICE\\TrustedInstaller\"\n \ticacls.exe . /restore atmfd.dll.acl\n \n\n 2. Restart the system.\n\n**Optional procedure for Windows 8 and later operating systems (enable ATMFD)**: **Note** Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.\n\n**Method 1 (manually edit the system registry):**\n\n 1. Run **regedit.exe** as Administrator.\n 2. In Registry Editor, navigate to the following sub key and set its DWORD value to 0: `HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DisableATMFD, DWORD = 0`\n 3. Close Registry Editor and restart the system.\n\n**Method 2 (use a managed deployment script):**\n\n 1. Create a text file named **ATMFD-enable.reg** that contains the following text:\n \n \n \tWindows Registry Editor Version 5.00\n \t[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows]\n \t\"DisableATMFD\"=dword:00000000\n \n\n 2. Run regedit.exe.\n 3. In Registry Editor, click the **File** menu and then click **Import**.\n 4. Navigate to and select the **ATMFD-enable.reg** file that you created in the first step. (Note If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog\u2019s file extension parameters to **All Files**).\n 5. Click **Open** and then click **OK** to close Registry Editor.\n", "edition": 3, "modified": "2016-12-13T08:00:00", "id": "MS:CVE-2016-7256", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7256", "published": "2016-12-13T08:00:00", "title": "Microsoft Graphics Remote Code Execution Vulnerability", "type": "mscve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-07T11:48:24", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-7224"], "description": "An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user.\n\nTo exploit the vulnerability, an attacker would need access to the local system and the ability to execute a specially crafted application on the system.\n\nThe security update addresses the vulnerability by correcting how the kernel API restricts access to these files.\n", "edition": 3, "modified": "2016-12-13T08:00:00", "id": "MS:CVE-2016-7224", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7224", "published": "2016-12-13T08:00:00", "title": "VHD Driver Elevation of Privilege Vulnerability", "type": "mscve", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}]}
