Windows : Microsoft Bulletins : Microsoft Windows Multiple Vulnerabilities (3178467)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.809041

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Windows Multiple Vulnerabilities (3178467)

Resumen: This host is missing an important security; update according to Microsoft Bulletin MS16-110

Descripción: Summary:
This host is missing an important security
update according to Microsoft Bulletin MS16-110

Vulnerability Insight:
Multiple flaws exist due to:

- An elevation of privilege vulnerability exists in the way that Windows
enforces permissions if an attacker loads a specially crafted DLL.

- An information disclosure vulnerability exists when Windows fails to properly
validate NT LAN Manager (NTLM) Single Sign-On (SSO) requests during Microsoft
Account (MSA) login sessions.

- An improper handling of objects in memory.

Vulnerability Impact:
Successful exploitation will allow remote
attacker to run arbitrary code as a system administrator, to brute force a
user's NTLM password hash and to cause denial of service condition.

Affected Software/OS:
- Microsoft Windows 10 x32/x64

- Microsoft Windows 8.1 x32/x64

- Microsoft Windows Server 2012/2012R2

- Microsoft Windows 10 Version 1511 x32/x64

- Microsoft Windows 7 x32/x64 Service Pack 1 and prior

- Microsoft Windows Vista x32/x64 Service Pack 2 and prior

- Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior

- Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-3346
BugTraq ID: 92846
http://www.securityfocus.com/bid/92846
Microsoft Security Bulletin: MS16-110
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-110
http://www.securitytracker.com/id/1036798
Common Vulnerability Exposure (CVE) ID: CVE-2016-3352
BugTraq ID: 92852
http://www.securityfocus.com/bid/92852
Common Vulnerability Exposure (CVE) ID: CVE-2016-3368
BugTraq ID: 92847
http://www.securityfocus.com/bid/92847
Common Vulnerability Exposure (CVE) ID: CVE-2016-3369
BugTraq ID: 92850
http://www.securityfocus.com/bid/92850

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.809041
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Multiple Vulnerabilities (3178467)
Resumen:	This host is missing an important security; update according to Microsoft Bulletin MS16-110
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS16-110 Vulnerability Insight: Multiple flaws exist due to: - An elevation of privilege vulnerability exists in the way that Windows enforces permissions if an attacker loads a specially crafted DLL. - An information disclosure vulnerability exists when Windows fails to properly validate NT LAN Manager (NTLM) Single Sign-On (SSO) requests during Microsoft Account (MSA) login sessions. - An improper handling of objects in memory. Vulnerability Impact: Successful exploitation will allow remote attacker to run arbitrary code as a system administrator, to brute force a user's NTLM password hash and to cause denial of service condition. Affected Software/OS: - Microsoft Windows 10 x32/x64 - Microsoft Windows 8.1 x32/x64 - Microsoft Windows Server 2012/2012R2 - Microsoft Windows 10 Version 1511 x32/x64 - Microsoft Windows 7 x32/x64 Service Pack 1 and prior - Microsoft Windows Vista x32/x64 Service Pack 2 and prior - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3346 BugTraq ID: 92846 http://www.securityfocus.com/bid/92846 Microsoft Security Bulletin: MS16-110 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-110 http://www.securitytracker.com/id/1036798 Common Vulnerability Exposure (CVE) ID: CVE-2016-3352 BugTraq ID: 92852 http://www.securityfocus.com/bid/92852 Common Vulnerability Exposure (CVE) ID: CVE-2016-3368 BugTraq ID: 92847 http://www.securityfocus.com/bid/92847 Common Vulnerability Exposure (CVE) ID: CVE-2016-3369 BugTraq ID: 92850 http://www.securityfocus.com/bid/92850
Copyright	Copyright (C) 2016 Greenbone AG