Vulners
Lucene search
MS16-089: Security Update for Windows Secure Kernel Mode (3170050)
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | The vulnerability of the Windows operating system allows a perpetrator to bypass the Secure Kernel Mode protection mechanism and obtain confidential information. | 16 Aug 201600:00 | – | bdu_fstec |
 | Microsoft Windows Information Disclosure Vulnerability (CNVD-2016-04923) | 14 Jul 201600:00 | – | cnvd |
 | CVE-2016-3256 | 13 Jul 201601:00 | – | cve |
 | CVE-2016-3256 | 13 Jul 201601:00 | – | cvelist |
 | EUVD-2016-4293 | 7 Oct 202500:30 | – | euvd |
 | Cumulative update for Windows 10: July 12, 2016 | 18 Jul 201607:00 | – | mskb |
| MS16-089: Security update for Windows secure kernel mode: July 12, 2016 | 12 Jul 201600:00 | – | mskb |
| Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: July 12, 2016 | 18 Jul 201607:00 | – | mskb |
 | KLA10840 Multiple vulnerabilities in Microsoft Windows | 12 Jul 201600:00 | – | kaspersky |
 | Windows Secure Kernel Mode Information Disclosure Vulnerability | 12 Jul 201607:00 | – | mscve |
10
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(92020);
script_version("1.10");
script_cvs_date("Date: 2019/11/19");
script_cve_id("CVE-2016-3256");
script_bugtraq_id(91590);
script_xref(name:"MSFT", value:"MS16-089");
script_xref(name:"MSKB", value:"3163912");
script_xref(name:"MSKB", value:"3172985");
script_xref(name:"IAVA", value:"2016-A-0180");
script_name(english:"MS16-089: Security Update for Windows Secure Kernel Mode (3170050)");
script_summary(english:"Checks the version of ntoskrnl.exe.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by an information disclosure
vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing a security update. It is,
therefore, affected by an information disclosure vulnerability in the
Windows Secure Kernel Mode due to improper handling of objects in
memory. An authenticated, remote attacker can exploit this, via a
crafted application, to disclose sensitive information on the target
host.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-089");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 10.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3256");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/12");
script_set_attribute(attribute:"patch_publication_date", value:"2016/07/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS16-089';
kbs = make_list("3163912", "3172985");
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_NOTE);
if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# 10 threshold 2 (aka 1511)
hotfix_is_vulnerable(os:"10", sp:0, file:"ntoskrnl.exe", version:"10.0.10586.494", os_build:"10586", dir:"\system32", bulletin:bulletin, kb:"3172985") ||
# 10 RTM
hotfix_is_vulnerable(os:"10", sp:0, file:"ntoskrnl.exe", version:"10.0.10240.17022", os_build:"10240", dir:"\system32", bulletin:bulletin, kb:"3163912")
)
{
set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_note();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Nov 2019 00:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 22.1
CVSS 35
EPSS0.04896