Windows : Microsoft Bulletins : Microsoft Windows Privilege Escalation Vulnerabilities (3178465)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.808291

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Windows Privilege Escalation Vulnerabilities (3178465)

Resumen: This host is missing an important security; update according to Microsoft Bulletin MS16-101.

Descripción: Summary:
This host is missing an important security
update according to Microsoft Bulletin MS16-101.

Vulnerability Insight:
Multiple flaws are due to:

- An elevation of privilege vulnerability exists when Windows Netlogon
improperly establishes a secure communications channel to a domain controller.

- An elevation of privilege vulnerability exists in Windows when Kerberos
improperly handles a password change request and falls back to
NT LAN Manager (NTLM) Authentication Protocol as the default authentication
protocol.

Vulnerability Impact:
Successful exploitation will allow attackers
to bypass certain security restrictions and perform unauthorized actions by
conducting a man-in-the-middle attack. This may lead to other attacks.

Affected Software/OS:
- Microsoft Windows 10 x32/x64

- Microsoft Windows 8.1 x32/x64

- Microsoft Windows Server 2012/2012R2

- Microsoft Windows 10 Version 1511 x32/x64

- Microsoft Windows 10 Version 1607 x32/x64

- Microsoft Windows Vista x32/x64 Service Pack 2

- Microsoft Windows Server 2008 x32/x64 Service Pack 2

- Microsoft Windows 7 x32/x64 Service Pack 1

- Microsoft Windows Server 2008 R2 x64 Service Pack 1

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-3237
BugTraq ID: 92290
http://www.securityfocus.com/bid/92290
https://www.exploit-db.com/exploits/40409/
Microsoft Security Bulletin: MS16-101
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-101
http://www.securitytracker.com/id/1036576
Common Vulnerability Exposure (CVE) ID: CVE-2016-3300
BugTraq ID: 92296
http://www.securityfocus.com/bid/92296

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.808291
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Privilege Escalation Vulnerabilities (3178465)
Resumen:	This host is missing an important security; update according to Microsoft Bulletin MS16-101.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS16-101. Vulnerability Insight: Multiple flaws are due to: - An elevation of privilege vulnerability exists when Windows Netlogon improperly establishes a secure communications channel to a domain controller. - An elevation of privilege vulnerability exists in Windows when Kerberos improperly handles a password change request and falls back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol. Vulnerability Impact: Successful exploitation will allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Affected Software/OS: - Microsoft Windows 10 x32/x64 - Microsoft Windows 8.1 x32/x64 - Microsoft Windows Server 2012/2012R2 - Microsoft Windows 10 Version 1511 x32/x64 - Microsoft Windows 10 Version 1607 x32/x64 - Microsoft Windows Vista x32/x64 Service Pack 2 - Microsoft Windows Server 2008 x32/x64 Service Pack 2 - Microsoft Windows 7 x32/x64 Service Pack 1 - Microsoft Windows Server 2008 R2 x64 Service Pack 1 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3237 BugTraq ID: 92290 http://www.securityfocus.com/bid/92290 https://www.exploit-db.com/exploits/40409/ Microsoft Security Bulletin: MS16-101 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-101 http://www.securitytracker.com/id/1036576 Common Vulnerability Exposure (CVE) ID: CVE-2016-3300 BugTraq ID: 92296 http://www.securityfocus.com/bid/92296
Copyright	Copyright (C) 2016 Greenbone AG