
Test ID: 1.3.6.1.4.1.25623.1.0.807065
Category: Windows : Microsoft Bulletins
Title: Microsoft Windows Multiple Vulnerabilities (3134228)
Summary: This host is missing an important security update according to Microsoft Bulletin MS16-014.
Description:
Summary:
This host is missing an important security
update according to Microsoft Bulletin MS16-014.

Vulnerability Insight:
Multiple flaws are due to:

- Windows kernel improperly handles objects in memory.

- Windows improperly validates input before loading dynamic link library
(DLL) files.

- Insufficient validation of input by Microsoft Sync Framework.

- Kerberos fails to check the password change of a user signing into a
workstation.

- A security feature bypass vulnerability exists in Windows Remote Desktop
Protocol, caused when Windows hosts running RDP services fail to
prevent remote logon to accounts that have no passwords set.

- Multiple elevation of privilege vulnerabilities exist when Windows
improperly validates input before loading dynamic link library (DLL) files.

Vulnerability Impact:
Successful exploitation will allow an attacker
to execute arbitrary code in kernel mode, to cause denial of service
conditions, to bypass authentication and to launch further attacks.

Affected Software/OS:
- Microsoft Windows 10 x32/x64

- Microsoft Windows 8.1 x32/x64

- Microsoft Windows Server 2012/2012R2

- Microsoft Windows 10 Version 1511 x32/x64

- Microsoft Windows Vista x32/x64 Service Pack 2

- Microsoft Windows Server 2008 x32/x64 Service Pack 2

- Microsoft Windows 7 x32/x64 Service Pack 1

- Microsoft Windows Server 2008 R2 x64 Service Pack 1

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-0040
https://www.exploit-db.com/exploits/44586/
Microsoft Security Bulletin: MS16-014
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-014
http://www.securitytracker.com/id/1034985
Common Vulnerability Exposure (CVE) ID: CVE-2016-0041
http://seclists.org/fulldisclosure/2016/Feb/49
https://www.securify.nl/advisory/SFY20150905/nps_datastore_server_dll_side_loading_vulnerability.html
Microsoft Security Bulletin: MS16-009
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009
http://www.securitytracker.com/id/1034971
Common Vulnerability Exposure (CVE) ID: CVE-2016-0042
Common Vulnerability Exposure (CVE) ID: CVE-2016-0044
Common Vulnerability Exposure (CVE) ID: CVE-2016-0049
BugTraq ID: 82535
http://www.securityfocus.com/bid/82535
https://www.exploit-db.com/exploits/39442/
http://packetstormsecurity.com/files/135797/Windows-Kerberos-Security-Feature-Bypass.html
Copyright: Copyright (C) 2016 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.