JVN#21627267: Microsoft IME may insecurely load Dynamic Link Libraries

Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs. When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it. This registry key does not exist by...

Microsoft Task Scheduler Elevation of Privilege (MS16-130: CVE-2016-7222)

An elevation of privilege vulnerability exists in the Windows Task Scheduler. A locally authenticated attacker can exploit this vulnerability by using Windows Task Scheduler to schedule a new task with a malicious UNC path...

Microsoft Windows IME Elevation of Privilege (MS16-130: CVE-2016-7221)

An elevation of privilege vulnerability exists in Windows Input Method Editor IME. The vulnerability is due to the way Input Method Editor improperly handles DLL loading. A locally authenticated attacker can exploit this vulnerability by running a specially crafted application...

MS16-130 and MS16-135: Description of the security update for Windows: November 8, 2016

MS16-130 and MS16-135: Description of the security update for Windows: November 8, 2016 Summary This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted...