Microsoft Windows DirectX Graphics Kernel CVE-2016-0197 Local Privilege Escalation Vulnerability
2016-05-10T00:00:00
ID: SMNTC-90102
Type: symantec
Reporter: Symantec Security Response
Modified: 2016-05-10T00:00:00
Description
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges.
Technologies Affected
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 version 1511 for 32-bit Systems
Microsoft Windows 10 version 1511 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Recommendations
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
To exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.
Updates are available. Please see the references or vendor advisory for more information.
{"mscve": [{"lastseen": "2021-12-06T18:25:26", "description": "An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system.\n\nAn attacker who successfully exploited this vulnerability could run processes in an elevated context.\n\nThe update addresses the vulnerability by correcting the way the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) handles certain calls and escapes, to preclude improper memory mapping and to prevent unintended elevation from user mode.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-10T07:00:00", "type": "mscve", "title": "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0197"], "modified": "2016-05-10T07:00:00", "id": "MS:CVE-2016-0197", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-0197", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T11:47:35", "description": "dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka \"Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability.\"", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-11T01:59:00", "type": "cve", "title": "CVE-2016-0197", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0197"], "modified": "2018-10-12T22:11:00", "cpe": ["cpe:/o:microsoft:windows_10:*", "cpe:/o:microsoft:windows_vista:*", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:*", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_8.1:*", 
"cpe:/o:microsoft:windows_7:*"], "id": "CVE-2016-0197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0197", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-10-07T02:55:10", "description": "The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0171, CVE-2016-0173, CVE-2016-0174, CVE-2016-0196)\n\n - A security feature bypass vulnerability exists in the Windows kernel. An authenticated, remote attacker can exploit this, via a crafted application, to bypass the Kernel Address Space Layout Randomization (KASLR) feature and retrieve the memory address of a kernel object. (CVE-2016-0175)\n\n - A privilege escalation vulnerability exists in the DirectX Graphics kernel subsystem due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. 
(CVE-2016-0176)\n\n - A privilege escalation vulnerability exists in the DirectX Graphics kernel subsystem due to a failure to correctly map kernel memory and to handle objects in memory. An authenticated, remote attacker can exploit this, via a crafted application, to execute arbitrary code. (CVE-2016-0197)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-10T00:00:00", "type": "nessus", "title": "MS16-062: Security Update for Windows Kernel-Mode Drivers (3158222)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0171", "CVE-2016-0173", "CVE-2016-0174", "CVE-2016-0175", "CVE-2016-0176", "CVE-2016-0196", "CVE-2016-0197"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS16-062.NASL", "href": "https://www.tenable.com/plugins/nessus/91012", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91012);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-0171\",\n \"CVE-2016-0173\",\n \"CVE-2016-0174\",\n \"CVE-2016-0175\",\n \"CVE-2016-0176\",\n \"CVE-2016-0196\",\n \"CVE-2016-0197\"\n );\n script_bugtraq_id(\n 89860,\n 90027,\n 90052,\n 90064,\n 90065,\n 90101,\n 90102\n );\n script_xref(name:\"MSFT\", value:\"MS16-062\");\n script_xref(name:\"MSKB\", value:\"3153199\");\n script_xref(name:\"MSKB\", value:\"3156017\");\n script_xref(name:\"MSKB\", value:\"3156387\");\n script_xref(name:\"MSKB\", value:\"3156421\");\n script_xref(name:\"MSKB\", value:\"3158222\");\n\n script_name(english:\"MS16-062: Security Update for Windows Kernel-Mode Drivers (3158222)\");\n script_summary(english:\"Checks the version of win32k.sys and dxgkrnl.sys.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is 
missing a security update. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple privilege escalation vulnerabilities exist in\n the Windows kernel-mode driver due to a failure to\n properly handle objects in memory. An authenticated,\n remote attacker can exploit this, via a crafted\n application, to execute arbitrary code. (CVE-2016-0171,\n CVE-2016-0173, CVE-2016-0174, CVE-2016-0196)\n\n - A security feature bypass vulnerability exists in the\n Windows kernel. An authenticated, remote attacker can\n exploit this, via a crafted application, to bypass\n the Kernel Address Space Layout Randomization (KASLR)\n feature and retrieve the memory address of a kernel\n object. (CVE-2016-0175)\n\n - A privilege escalation vulnerability exists in the\n DirectX Graphics kernel subsystem due to a failure to\n properly handle objects in memory. An authenticated,\n remote attacker can exploit this, via a crafted\n application, to execute arbitrary code. (CVE-2016-0176)\n\n - A privilege escalation vulnerability exists in the\n DirectX Graphics kernel subsystem due to a failure to\n correctly map kernel memory and to handle objects in\n memory. An authenticated, remote attacker can exploit\n this, via a crafted application, to execute arbitrary\n code. 
(CVE-2016-0197)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows Vista, 2008, 7,\n2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-062';\nkbs = make_list(\n \"3153199\",\n \"3156017\",\n \"3156387\",\n \"3156421\",\n \"3158222\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # 10 threshold 2 (aka 1511)\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"win32kfull.sys\", version:\"10.0.10586.312\", min_version:\"10.0.10586.0\", dir:\"\\system32\", bulletin:bulletin, kb:\"3156421\") ||\n\n # 10 RTM\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"win32kfull.sys\", version:\"10.0.10240.16847\", dir:\"\\system32\", bulletin:bulletin, kb:\"3156387\") ||\n\n # Windows 8.1 / Windows Server 2012 R2\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"win32k.sys\", version:\"6.3.9600.18302\", min_version:\"6.3.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3153199\") ||\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"dxgkrnl.sys\", version:\"6.3.9600.18302\", min_version:\"6.3.9600.16000\", 
dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"3156017\") ||\n\n # Windows Server 2012\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"win32k.sys\", version:\"6.2.9200.21833\", min_version:\"6.2.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3153199\") ||\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"dxgkrnl.sys\", version:\"6.2.9200.21831\", min_version:\"6.2.9200.16000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"3156017\") ||\n\n # Windows 7 / Server 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"win32k.sys\", version:\"6.1.7601.23418\", min_version:\"6.1.7600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3153199\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"dxgkrnl.sys\", version:\"6.1.7601.23418\", min_version:\"6.1.7600.18000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"3156017\") ||\n\n # Vista / Windows Server 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"win32k.sys\", version:\"6.0.6002.23950\", min_version:\"6.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3153199\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"win32k.sys\", version:\"6.0.6002.19636\", min_version:\"6.0.6001.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3153199\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"dxgkrnl.sys\", version:\"7.0.6002.23950\", min_version:\"7.0.6002.23000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"3156017\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"dxgkrnl.sys\", version:\"7.0.6002.19636\", min_version:\"7.0.6002.18000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:\"3156017\")\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-10T19:48:23", "description": "This host is 
missing an important security\n update according to Microsoft Bulletin MS16-062.", "cvss3": {}, "published": "2016-05-11T00:00:00", "type": "openvas", "title": "Microsoft Kernel-Mode Drivers Privilege Elevation Vulnerabilities (3158222)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0173", "CVE-2016-0196", "CVE-2016-0171", "CVE-2016-0176", "CVE-2016-0175", "CVE-2016-0197", "CVE-2016-0174"], "modified": "2020-06-08T00:00:00", "id": "OPENVAS:1361412562310808018", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808018", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Kernel-Mode Drivers Privilege Elevation Vulnerabilities (3158222)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808018\");\n script_version(\"2020-06-08T14:40:48+0000\");\n script_cve_id(\"CVE-2016-0171\", \"CVE-2016-0173\", \"CVE-2016-0174\", \"CVE-2016-0196\",\n \"CVE-2016-0175\", \"CVE-2016-0176\", \"CVE-2016-0197\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 14:40:48 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-05-11 09:35:43 +0530 (Wed, 11 May 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Kernel-Mode Drivers Privilege Elevation Vulnerabilities (3158222)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS16-062.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist,\n\n - When the Windows kernel-mode driver fails to properly handle objects in\n memory and incorrectly maps kernel memory\n\n - When the DirectX Graphics kernel subsystem (dxgkrnl.sys) improperly handles\n objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to run arbitrary code in kernel mode, and to take control over the\n affected system, also could retrieve the memory address of a kernel object.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Vista x32/x64 Service Pack 2\n\n - Microsoft Windows 
Server 2008 x32/x64 Service Pack 2\n\n - Microsoft Windows 7 x32/x64 Service Pack 1\n\n - Microsoft Windows Server 2008 R2 x64 Service Pack 1\n\n - Microsoft Windows 8.1 x32/x64\n\n - Microsoft Windows Server 2012/2012R2\n\n - Microsoft Windows 10 x32/x64\n\n - Microsoft Windows 10 Version 1511 x32/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3158222\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/MS16-062\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS16-062\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3, win7:2, win7x64:2, win2008:3, win2008r2:2,\n win2012:1, win2012R2:1, win8_1:1, win8_1x64:1,win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer1 = fetch_file_version(sysPath:sysPath, file_name:\"System32\\Win32k.sys\");\ndllVer2 = fetch_file_version(sysPath:sysPath, file_name:\"System32\\Dxgkrnl.sys\");\n\nif(!dllVer1 && !dllVer2){\n exit(0);\n}\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(dllVer1)\n {\n if(version_is_less(version:dllVer1, test_version:\"6.1.7601.23418\"))\n {\n Vulnerable_range1 = \"Less than 6.1.7601.23418\";\n VULN1 = TRUE ;\n }\n }\n else if(dllVer2)\n {\n if(version_is_less(version:dllVer2, test_version:\"6.1.7601.23418\"))\n {\n 
Vulnerable_range2 = \"Less than 6.1.7601.23418\";\n VULN2 = TRUE ;\n }\n }\n}\n\nelse if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(dllVer1)\n {\n if(version_is_less(version:dllVer1, test_version:\"6.0.6002.19636\"))\n {\n Vulnerable_range1 = \"Less than 6.0.6002.19636\";\n VULN1 = TRUE ;\n }\n else if(version_in_range(version:dllVer1, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.23949\"))\n {\n Vulnerable_range1 = \"6.0.6002.23000 - 6.0.6002.23949\";\n VULN1 = TRUE ;\n }\n }\n else if(dllVer2)\n {\n if(version_is_less(version:dllVer2, test_version:\"6.0.6002.19636\"))\n {\n Vulnerable_range2 = \"Less than 6.0.6002.19636\";\n VULN2 = TRUE ;\n }\n else if(version_in_range(version:dllVer2, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.23949\"))\n {\n Vulnerable_range2 = \"6.0.6002.23000 - 6.0.6002.23949\";\n VULN2 = TRUE ;\n }\n }\n}\n\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(dllVer1)\n {\n if(version_is_less(version:dllVer1, test_version:\"6.3.9600.18302\"))\n {\n Vulnerable_range1 = \"Less than 6.3.9600.18302\";\n VULN1 = TRUE ;\n }\n }\n else if(dllVer2)\n {\n if(version_is_less(version:dllVer2, test_version:\"6.3.9600.18302\"))\n {\n Vulnerable_range2 = \"Less than 6.3.9600.18302\";\n VULN2 = TRUE ;\n }\n }\n}\n\nelse if(hotfix_check_sp(win2012:1) > 0)\n{\n if(dllVer1)\n {\n if(version_is_less(version:dllVer1, test_version:\"6.2.9200.21833\"))\n {\n Vulnerable_range1 = \"Less than 6.2.9200.21833\";\n VULN1 = TRUE ;\n }\n }\n else if(dllVer2)\n {\n if(version_is_less(version:dllVer2, test_version:\"6.2.9200.21831\"))\n {\n Vulnerable_range2 = \"Less than 6.2.9200.21831\";\n VULN2 = TRUE ;\n }\n }\n}\n\nelse if(hotfix_check_sp(win10:1, win10x64:1) > 0)\n{\n if(dllVer1)\n {\n if(version_is_less(version:dllVer1, test_version:\"10.0.10240.16384\"))\n {\n Vulnerable_range1 = \"Less than 10.0.10240.16384\";\n VULN1 = TRUE ;\n }\n else if(version_in_range(version:dllVer1, test_version:\"10.0.10586.0\", 
test_version2:\"10.0.10586.19\"))\n {\n Vulnerable_range1 = \"10.0.10586.0 - 10.0.10586.19\";\n VULN1 = TRUE ;\n }\n }\n else if(dllVer2)\n {\n if(version_is_less(version:dllVer2, test_version:\"10.0.10240.16841\"))\n {\n Vulnerable_range2 = \"Less than 10.0.10240.16841\";\n VULN2 = TRUE ;\n }\n else if(version_in_range(version:dllVer2, test_version:\"10.0.10586.0\", test_version2:\"10.0.10586.305\"))\n {\n Vulnerable_range2 = \"10.0.10586.0 - 10.0.10586.305\";\n VULN2 = TRUE ;\n }\n }\n}\n\n\n\nif(VULN1)\n{\n report = 'File checked: ' + sysPath + \"\\System32\\Win32k.sys\" + '\\n' +\n 'File version: ' + dllVer1 + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range1 + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n\nif(VULN2)\n{\n report = 'File checked: ' + sysPath + \"\\System32\\Dxgkrnl.sys\" + '\\n' +\n 'File version: ' + dllVer2 + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range2 + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:38:39", "description": "<html><body><p>Resolves vulnerabilities in Windows that could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.<br/><br/><br/>To learn more about the vulnerability, see <a href=\"https://technet.microsoft.com/library/security/ms16-062\" id=\"kb-link-2\" target=\"_self\">Microsoft Security Bulletin MS16-062</a>. 
</div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><span class=\"text-base\">Important </span><ul class=\"sbody-free_list\"><li>All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-3\" target=\"_self\">2919355</a> to be installed. We recommend that you install update <a href=\"https://support.microsoft.com/en-us/help/2919355\" id=\"kb-link-4\" target=\"_self\">2919355</a> on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates. </li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a>.<br/></li></ul></div><h2>Additional information about this security update</h2><div class=\"kb-moreinformation-section section\"><br/>The following articles contain additional information about this security update as it relates to individual product versions. 
The articles may contain known issue information.<br/><br/><br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/help/3153199\" id=\"kb-link-6\" target=\"_self\">3153199</a> MS16-062: Description of the security update for Windows Kernel-Mode Drivers: May 10, 2016</li><li><a href=\"https://support.microsoft.com/help/3156017\" id=\"kb-link-7\" target=\"_self\">3156017</a> MS16-062: Description of the security update for Windows Kernel-Mode Drivers: May 10, 2016</li><li><a href=\"https://support.microsoft.com/help/3156387\" id=\"kb-link-8\" target=\"_self\">3156387</a> Cumulative update for Windows 10: April 12, 2016</li><li><a href=\"https://support.microsoft.com/help/3156421\" id=\"kb-link-9\" target=\"_self\">3156421</a> Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: April 12, 2016</li></ul></div><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"><h3 class=\"sbody-h3\">Method 1: Windows Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. 
For more information about how to turn on automatic updating, see <br/><a href=\"https://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-11\" target=\"_self\">Get security updates automatically</a>.<br/><span class=\"text-base\">Note</span> For Windows RT 8.1, this update is available through Windows Update only.<br/></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Method 2: Microsoft Download Center</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.<br/><br/>Click the download link in <a href=\"https://technet.microsoft.com/library/security/ms16-062\" id=\"kb-link-12\" target=\"_self\">Microsoft Security Bulletin MS16-062</a> that corresponds to the version of Windows that you are running. 
<br/></div><br/></span></div></div></div></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information<br/></span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h3 class=\"sbody-h3\"> Windows Vista (all editions)</h3><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3153199-x86.msu</span><span class=\"text-base\"><br/><span class=\"text-base\">Windows6.0-KB3156017-x86.msu</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3153199-x64.msu</span><span class=\"text-base\"><br/><span class=\"text-base\">Windows6.0-KB3156017-x64.msu</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-13\" target=\"_self\">Microsoft Knowledge Base article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security 
update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <strong class=\"uiterm\">Control Panel</strong>, and then click Security. Under <span class=\"sbody-userinput\">Windows Update</span>, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3153199\" id=\"kb-link-14\" target=\"_self\">Microsoft Knowledge Base article 3153199</a><br/>See <a href=\"https://support.microsoft.com/help/3156017\" id=\"kb-link-15\" target=\"_self\">Microsoft Knowledge Base article 3156017</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h3 class=\"sbody-h3\"> Windows Server 2008 (all editions)</h3><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3153199-x86.msu</span><span class=\"text-base\"><br/><span class=\"text-base\">Windows6.0-KB3156017-x86.msu</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Server 2008:<br/><span 
class=\"text-base\">Windows6.0-KB3153199-x64.msu</span><span class=\"text-base\"><br/><span class=\"text-base\">Windows6.0-KB3156017-x64.msu</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported Itanium-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3153199-ia64.msu</span><span class=\"text-base\"><br/><span class=\"text-base\">Windows6.0-KB3156017-ia64.msu</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-16\" target=\"_self\">Microsoft Knowledge Base article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support the uninstallation of updates. To uninstall an update installed by WUSA, click <strong class=\"uiterm\">Control Panel</strong>, and then click <strong class=\"uiterm\">Security</strong>. 
Under <span class=\"sbody-userinput\">Windows Update</span>, click <strong class=\"uiterm\">View installed updates</strong> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3153199\" id=\"kb-link-17\" target=\"_self\">Microsoft Knowledge Base article 3153199</a><br/>See <a href=\"https://support.microsoft.com/help/3156017\" id=\"kb-link-18\" target=\"_self\">Microsoft Knowledge Base article 3156017</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h3 class=\"sbody-h3\"> Windows 7 (all editions)<br/></h3><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3153199-x86.msu</span><span class=\"text-base\"><br/><span class=\"text-base\">Windows6.1-KB3156017-x86.msu</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3153199-x64.msu</span><span class=\"text-base\"><br/><span class=\"text-base\">Windows6.1-KB3156017-x64.msu</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-19\" target=\"_self\">Microsoft 
Knowledge Base article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <strong class=\"uiterm\">/Uninstall</strong> setup switch or click <strong class=\"uiterm\">Control Panel</strong>, click <strong class=\"uiterm\">System and Security</strong>, click <strong class=\"uiterm\">View installed updates</strong> under <strong class=\"uiterm\">Windows Update</strong>, and then select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3153199\" id=\"kb-link-20\" target=\"_self\">Microsoft Knowledge Base article 3153199</a><br/>See <a href=\"https://support.microsoft.com/help/3156017\" id=\"kb-link-21\" target=\"_self\">Microsoft Knowledge Base article 3156017</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h3 class=\"sbody-h3\"> Windows Server 2008 R2 (all editions)<br/></h3><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported x64-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3153199-x64.msu</span><span 
class=\"text-base\"><br/><span class=\"text-base\">Windows6.1-KB3156017-x64.msu</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported Itanium-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3153199-ia64.msu</span><span class=\"text-base\"><br/><span class=\"text-base\">Windows6.1-KB3156017-ia64.msu</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-22\" target=\"_self\">Microsoft Knowledge Base article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <strong class=\"uiterm\">/Uninstall</strong> setup switch or click <strong class=\"uiterm\">Control Panel</strong>, click <strong class=\"uiterm\">System and Security</strong>, click <strong class=\"uiterm\">View installed updates</strong>, and then select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3153199\" id=\"kb-link-23\" target=\"_self\">Microsoft Knowledge Base article 3153199</a><br/>See <a href=\"https://support.microsoft.com/help/3156017\" id=\"kb-link-24\" target=\"_self\">Microsoft Knowledge Base article 3156017</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the 
presence of this update.</td></tr></table></div><h3 class=\"sbody-h3\"> Windows 8.1 (all editions)<br/></h3><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3153199-x86.msu</span><span class=\"text-base\"><br/><span class=\"text-base\">Windows8.1-KB3156017-x86.msu</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3153199-x64.msu</span><span class=\"text-base\"><br/><span class=\"text-base\">Windows8.1-KB3156017-x64.msu</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-25\" target=\"_self\">Microsoft Knowledge Base article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <strong class=\"uiterm\">/Uninstall</strong> setup switch or click <strong class=\"uiterm\">Control Panel</strong>, click <strong class=\"uiterm\">System and Security</strong>, click <strong class=\"uiterm\">Windows Update</strong>, click <strong class=\"uiterm\">Installed updates</strong> under <strong class=\"uiterm\">See also</strong>, and then select from the list of 
updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3153199\" id=\"kb-link-26\" target=\"_self\">Microsoft Knowledge Base article 3153199</a><br/>See <a href=\"https://support.microsoft.com/help/3156017\" id=\"kb-link-27\" target=\"_self\">Microsoft Knowledge Base article 3156017</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h3 class=\"sbody-h3\"> Windows Server 2012 and Windows Server 2012 R2 (all editions)<br/></h3><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012:<br/><span class=\"text-base\">Windows8-RT-KB3153199-x64.msu</span><br/><span class=\"text-base\">Windows8-RT-KB3156017-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported editions of Windows Server 2012 R2:<br/><span class=\"text-base\">Windows8.1-KB3153199-x64.msu</span><span class=\"text-base\"><br/><span class=\"text-base\">Windows8.1-KB3156017-x64.msu</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-28\" target=\"_self\">Microsoft Knowledge Base article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart 
requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <strong class=\"uiterm\">/Uninstall</strong> setup switch or click <strong class=\"uiterm\">Control Panel</strong>, click <strong class=\"uiterm\">System and Security</strong>, click <strong class=\"uiterm\">Windows Update</strong>, click <strong class=\"uiterm\">Installed updates</strong> under <strong class=\"uiterm\">See also</strong>, and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3153199\" id=\"kb-link-29\" target=\"_self\">Microsoft Knowledge Base article 3153199</a><br/>See <a href=\"https://support.microsoft.com/help/3156017\" id=\"kb-link-30\" target=\"_self\">Microsoft Knowledge Base article 3156017</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h3 class=\"sbody-h3\"> Windows RT and Windows RT 8.1 (all editions)<br/></h3><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Deployment</span></td><td class=\"sbody-td\">These updates are available via <a href=\"http://go.microsoft.com/fwlink/?linkid=21130\" id=\"kb-link-31\" target=\"_self\">Windows Update</a> only.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">Restart Requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal Information</span></td><td class=\"sbody-td\">Click <strong class=\"uiterm\">Control Panel</strong>, click <strong class=\"uiterm\">System and Security</strong>, click <strong class=\"uiterm\">Windows Update</strong>, and then under <strong class=\"uiterm\">See also</strong>, click <strong class=\"uiterm\">Installed updates</strong> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File Information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3153199\" id=\"kb-link-32\" target=\"_self\">Microsoft Knowledge Base article 3153199</a><br/>See <a href=\"https://support.microsoft.com/help/3156017\" id=\"kb-link-33\" target=\"_self\">Microsoft Knowledge Base article 3156017</a></td></tr></table></div><h3 class=\"sbody-h3\"> Windows 10 (all editions)<br/></h3><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 10:<br/><span class=\"text-base\">Windows10.0-KB3156387-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 10:<br/><span class=\"text-base\">Windows10.0-KB3156387-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 10 Version 1511:<br/><span class=\"text-base\">Windows10.0-KB3156421-x86.msu</span></td></tr><tr 
class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 10 Version 1511:<br/><span class=\"text-base\">Windows10.0-KB3156421-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-34\" target=\"_self\">Microsoft Knowledge Base article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under <span class=\"sbody-userinput\">See also</span>, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3156387\" id=\"kb-link-35\" target=\"_self\">Microsoft Knowledge Base article 3156387</a><br/>See <a href=\"https://support.microsoft.com/help/3156421\" id=\"kb-link-36\" target=\"_self\">Microsoft Knowledge Base article 3156421</a></td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link 
link-expand-text\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-37\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-38\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-39\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-40\" target=\"_self\">International Support</a></div><br/></span></div></div></div><a class=\"bookmark\" id=\"fileinfo\"></a></div></body></html>", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-10T00:00:00", "type": "mskb", "title": "MS16-062: Security update for kernel mode drivers: May 10, 2016", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0173", "CVE-2016-0196", "CVE-2016-0171", "CVE-2016-0176", "CVE-2016-0175", "CVE-2016-0197", "CVE-2016-0174"], "modified": "2016-05-10T17:33:11", "id": "KB3158222", "href": "https://support.microsoft.com/en-us/help/3158222/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2022-01-19T18:06:53", "description": "### *Detect date*:\n05/10/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2012 R2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 for x64-based Systems (Server Core installation) \nWindows Server 2012 (Server Core installation) \nWindows 8.1 for 32-bit systems \nWindows RT 8.1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nInternet Explorer 10 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows 10 Version 1511 for 32-bit Systems \nWindows Vista Service Pack 2 \nInternet Explorer 11 \nWindows 10 Version 1511 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 for 32-bit Systems \nInternet Explorer 9 \nWindows Server 2008 for 32-bit 
Systems (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Vista x64 Edition Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2012\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2016-0170](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0170>) \n[CVE-2016-0185](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0185>) \n[CVE-2016-0195](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0195>) \n[CVE-2016-0178](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0178>) \n[CVE-2016-0152](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0152>) \n[CVE-2016-0168](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0168>) \n[CVE-2016-0176](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0176>) \n[CVE-2016-0174](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0174>) \n[CVE-2016-0175](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0175>) \n[CVE-2016-0180](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0180>) \n[CVE-2016-0173](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0173>) \n[CVE-2016-0189](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0189>) \n[CVE-2016-0171](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0171>) \n[CVE-2016-0187](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0187>) 
\n[CVE-2016-0192](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0192>) \n[CVE-2016-0184](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0184>) \n[CVE-2016-0169](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0169>) \n[CVE-2016-0182](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0182>) \n[CVE-2016-0196](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0196>) \n[CVE-2016-0197](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0197>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2016-0185](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0185>)9.3Critical \n[CVE-2016-0189](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0189>)7.6Critical \n[CVE-2016-0187](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0187>)7.6Critical \n[CVE-2016-0192](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0192>)7.6Critical \n[CVE-2016-0197](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0197>)7.2High \n[CVE-2016-0196](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0196>)7.2High \n[CVE-2016-0195](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0195>)9.3Critical \n[CVE-2016-0152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0152>)7.2High \n[CVE-2016-0168](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0168>)4.3Warning \n[CVE-2016-0176](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0176>)7.2High \n[CVE-2016-0174](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0174>)7.2High \n[CVE-2016-0175](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0175>)2.1Warning \n[CVE-2016-0180](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0180>)7.2High 
\n[CVE-2016-0173](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0173>)7.2High \n[CVE-2016-0170](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0170>)9.3Critical \n[CVE-2016-0171](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0171>)7.2High \n[CVE-2016-0184](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0184>)9.3Critical \n[CVE-2016-0169](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0169>)4.3Warning \n[CVE-2016-0182](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0182>)9.3Critical \n[CVE-2016-0178](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0178>)9.0Critical\n\n### *KB list*:\n[3156016](<http://support.microsoft.com/kb/3156016>) \n[3156013](<http://support.microsoft.com/kb/3156013>) \n[3141083](<http://support.microsoft.com/kb/3141083>) \n[3156019](<http://support.microsoft.com/kb/3156019>) \n[3155178](<http://support.microsoft.com/kb/3155178>) \n[3153171](<http://support.microsoft.com/kb/3153171>) \n[3156017](<http://support.microsoft.com/kb/3156017>) \n[3153199](<http://support.microsoft.com/kb/3153199>) \n[3155413](<http://support.microsoft.com/kb/3155413>) \n[3158991](<http://support.microsoft.com/kb/3158991>) \n[3150220](<http://support.microsoft.com/kb/3150220>) \n[3154070](<http://support.microsoft.com/kb/3154070>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-10T00:00:00", "type": "kaspersky", "title": "KLA11914 Multiple vulnerability in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0152", "CVE-2016-0168", "CVE-2016-0169", "CVE-2016-0170", "CVE-2016-0171", "CVE-2016-0173", "CVE-2016-0174", "CVE-2016-0175", "CVE-2016-0176", "CVE-2016-0178", "CVE-2016-0180", "CVE-2016-0182", "CVE-2016-0184", "CVE-2016-0185", "CVE-2016-0187", "CVE-2016-0189", "CVE-2016-0192", "CVE-2016-0195", "CVE-2016-0196", "CVE-2016-0197"], "modified": "2022-01-18T00:00:00", "id": "KLA11914", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11914/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-19T15:14:05", "description": "### *Detect date*:\n05/10/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. 
Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, gain privileges, and obtain sensitive information.\n\n### *Affected products*:\nWindows Server 2012 R2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for x64-based Systems (Server Core installation) \nWindows Server 2012 (Server Core installation) \nWindows 8.1 for 32-bit systems \nWindows RT 8.1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows Vista Service Pack 2 \nWindows 10 Version 1511 for 32-bit Systems \nWindows 10 Version 1511 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Vista x64 Edition Service Pack 2 \nWindows 10 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2012\n\n### *Solution*:\nInstall the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2016-0185](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0185>) \n[CVE-2016-0189](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0189>) \n[CVE-2016-0181](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0181>) 
\n[CVE-2016-0197](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0197>) \n[CVE-2016-0196](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0196>) \n[CVE-2016-0195](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0195>) \n[CVE-2016-0152](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0152>) \n[CVE-2016-0168](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0168>) \n[CVE-2016-0176](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0176>) \n[CVE-2016-0174](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0174>) \n[CVE-2016-0175](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0175>) \n[CVE-2016-0180](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0180>) \n[CVE-2016-0173](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0173>) \n[CVE-2016-0170](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0170>) \n[CVE-2016-0171](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0171>) \n[CVE-2016-0190](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0190>) \n[CVE-2016-0184](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0184>) \n[CVE-2016-0169](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0169>) \n[CVE-2016-0182](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0182>) \n[CVE-2016-0178](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0178>) \n[CVE-2016-0179](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2016-0179>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### 
*CVE-IDS*:\n[CVE-2016-0185](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0185>)9.3Critical \n[CVE-2016-0189](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0189>)7.6Critical \n[CVE-2016-0181](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0181>)2.1Warning \n[CVE-2016-0197](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0197>)7.2High \n[CVE-2016-0196](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0196>)7.2High \n[CVE-2016-0195](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0195>)9.3Critical \n[CVE-2016-0152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0152>)7.2High \n[CVE-2016-0168](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0168>)4.3Warning \n[CVE-2016-0176](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0176>)7.2High \n[CVE-2016-0174](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0174>)7.2High \n[CVE-2016-0175](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0175>)2.1Warning \n[CVE-2016-0180](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0180>)7.2High \n[CVE-2016-0173](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0173>)7.2High \n[CVE-2016-0170](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0170>)9.3Critical \n[CVE-2016-0171](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0171>)7.2High \n[CVE-2016-0190](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0190>)2.1Warning \n[CVE-2016-0184](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0184>)9.3Critical \n[CVE-2016-0169](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0169>)4.3Warning \n[CVE-2016-0182](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0182>)9.3Critical \n[CVE-2016-0178](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0178>)9.0Critical \n[CVE-2016-0179](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0179>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB 
list*:\n[3156421](<http://support.microsoft.com/kb/3156421>) \n[3156059](<http://support.microsoft.com/kb/3156059>) \n[3156016](<http://support.microsoft.com/kb/3156016>) \n[3153704](<http://support.microsoft.com/kb/3153704>) \n[3155784](<http://support.microsoft.com/kb/3155784>) \n[3156387](<http://support.microsoft.com/kb/3156387>) \n[3156013](<http://support.microsoft.com/kb/3156013>) \n[3141083](<http://support.microsoft.com/kb/3141083>) \n[3156019](<http://support.microsoft.com/kb/3156019>) \n[3155178](<http://support.microsoft.com/kb/3155178>) \n[3153171](<http://support.microsoft.com/kb/3153171>) \n[3156017](<http://support.microsoft.com/kb/3156017>) \n[3153199](<http://support.microsoft.com/kb/3153199>) \n[3158991](<http://support.microsoft.com/kb/3158991>) \n[3150220](<http://support.microsoft.com/kb/3150220>)\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-10T00:00:00", "type": "kaspersky", "title": "KLA10801 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2016-0152", "CVE-2016-0168", "CVE-2016-0169", "CVE-2016-0170", "CVE-2016-0171", "CVE-2016-0173", "CVE-2016-0174", "CVE-2016-0175", "CVE-2016-0176", "CVE-2016-0178", "CVE-2016-0179", "CVE-2016-0180", "CVE-2016-0181", "CVE-2016-0182", "CVE-2016-0184", "CVE-2016-0185", "CVE-2016-0189", "CVE-2016-0190", "CVE-2016-0195", "CVE-2016-0196", "CVE-2016-0197"], "modified": "2022-01-18T00:00:00", "id": "KLA10801", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10801/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}