 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.809092 |
| Kategorie: | Windows : Microsoft Bulletins |
| Titel: | Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (3199135) |
| Zusammenfassung: | This host is missing an important security; update according to Microsoft Bulletin MS16-135 |
| Beschreibung: | Summary: This host is missing an important security update according to Microsoft Bulletin MS16-135 Vulnerability Insight: Multiple flaws exist due to: - A kernel Address Space Layout Randomization (ASLR) bypass error. - The windows kernel-mode driver fails to properly handle objects in memory. - The windows bowser.sys kernel-mode driver fails to properly handle objects in memory. Vulnerability Impact: Successful exploitation will allow an attacker to retrieve the memory address of a kernel object, run arbitrary code in kernel mode and to log on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. Affected Software/OS: - Microsoft Windows 10 x32/x64 - Microsoft Windows 8.1 x32/x64 - Microsoft Windows Server 2012/2012R2 - Microsoft Windows 10 Version 1511 x32/x64 - Microsoft Windows 10 Version 1607 x32/x64 - Microsoft Windows 7 x32/x64 Service Pack 1 and prior - Microsoft Windows Vista x32/x64 Service Pack 2 and prior - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-7214 BugTraq ID: 93991 http://www.securityfocus.com/bid/93991 Microsoft Security Bulletin: MS16-135 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135 http://www.securitytracker.com/id/1037251 Common Vulnerability Exposure (CVE) ID: CVE-2016-7215 BugTraq ID: 94000 http://www.securityfocus.com/bid/94000 http://www.zerodayinitiative.com/advisories/ZDI-16-592 Common Vulnerability Exposure (CVE) ID: CVE-2016-7218 BugTraq ID: 94004 http://www.securityfocus.com/bid/94004 Common Vulnerability Exposure (CVE) ID: CVE-2016-7246 BugTraq ID: 94063 http://www.securityfocus.com/bid/94063 http://www.zerodayinitiative.com/advisories/ZDI-16-594 Common Vulnerability Exposure (CVE) ID: CVE-2016-7255 BugTraq ID: 94064 http://www.securityfocus.com/bid/94064 https://www.exploit-db.com/exploits/40745/ https://www.exploit-db.com/exploits/40823/ https://www.exploit-db.com/exploits/41015/ http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/ http://packetstormsecurity.com/files/140468/Microsoft-Windows-Kernel-win32k.sys-NtSetWindowLongPtr-Privilege-Escalation.html https://github.com/mwrlabs/CVE-2016-7255 https://securingtomorrow.mcafee.com/mcafee-labs/digging-windows-kernel-privilege-escalation-vulnerability-cve-2016-7255/ https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html |
| Copyright | Copyright (C) 2016 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |