Test ID:	1.3.6.1.4.1.25623.1.0.809832
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Uniscribe Remote Code Execution Vulnerability (3204063)
Summary:	This host is missing a critical security; update according to Microsoft Bulletin MS16-147.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS16-147. Vulnerability Insight: The flaw exists due to the way Windows Uniscribe handles objects in the memory. Vulnerability Impact: Successful exploitation will allow an attacker to take control of the affected system. An attacker could then: - install programs - view, change, or delete data - or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Affected Software/OS: - Microsoft Windows 8.1 x32/x64 - Microsoft Windows 10 x32/x64 - Microsoft Windows Server 2012/2012R2 - Microsoft Windows 10 Version 1511 x32/x64 - Microsoft Windows 10 Version 1607 x32/x64 - Microsoft Windows Vista x32/x64 Service Pack 2 - Microsoft Windows Server 2008 x32/x64 Service Pack 2 - Microsoft Windows 7 x32/x64 Service Pack 1 - Microsoft Windows Server 2008 R2 x64 Service Pack 1 - Microsoft Windows Server 2016 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7274 BugTraq ID: 94758 http://www.securityfocus.com/bid/94758 https://www.exploit-db.com/exploits/41615/ Microsoft Security Bulletin: MS16-147 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-147 http://www.securitytracker.com/id/1037440
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.