 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.809092 |
| Categoría: | Windows : Microsoft Bulletins |
| Título: | Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (3199135) |
| Resumen: | This host is missing an important security; update according to Microsoft Bulletin MS16-135 |
| Descripción: | Summary: This host is missing an important security update according to Microsoft Bulletin MS16-135 Vulnerability Insight: Multiple flaws exist due to: - A kernel Address Space Layout Randomization (ASLR) bypass error. - The windows kernel-mode driver fails to properly handle objects in memory. - The windows bowser.sys kernel-mode driver fails to properly handle objects in memory. Vulnerability Impact: Successful exploitation will allow an attacker to retrieve the memory address of a kernel object, run arbitrary code in kernel mode and to log on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. Affected Software/OS: - Microsoft Windows 10 x32/x64 - Microsoft Windows 8.1 x32/x64 - Microsoft Windows Server 2012/2012R2 - Microsoft Windows 10 Version 1511 x32/x64 - Microsoft Windows 10 Version 1607 x32/x64 - Microsoft Windows 7 x32/x64 Service Pack 1 and prior - Microsoft Windows Vista x32/x64 Service Pack 2 and prior - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-7214 BugTraq ID: 93991 http://www.securityfocus.com/bid/93991 Microsoft Security Bulletin: MS16-135 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135 http://www.securitytracker.com/id/1037251 Common Vulnerability Exposure (CVE) ID: CVE-2016-7215 BugTraq ID: 94000 http://www.securityfocus.com/bid/94000 http://www.zerodayinitiative.com/advisories/ZDI-16-592 Common Vulnerability Exposure (CVE) ID: CVE-2016-7218 BugTraq ID: 94004 http://www.securityfocus.com/bid/94004 Common Vulnerability Exposure (CVE) ID: CVE-2016-7246 BugTraq ID: 94063 http://www.securityfocus.com/bid/94063 http://www.zerodayinitiative.com/advisories/ZDI-16-594 Common Vulnerability Exposure (CVE) ID: CVE-2016-7255 BugTraq ID: 94064 http://www.securityfocus.com/bid/94064 https://www.exploit-db.com/exploits/40745/ https://www.exploit-db.com/exploits/40823/ https://www.exploit-db.com/exploits/41015/ http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/ http://packetstormsecurity.com/files/140468/Microsoft-Windows-Kernel-win32k.sys-NtSetWindowLongPtr-Privilege-Escalation.html https://github.com/mwrlabs/CVE-2016-7255 https://securingtomorrow.mcafee.com/mcafee-labs/digging-windows-kernel-privilege-escalation-vulnerability-cve-2016-7255/ https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html |
| Copyright | Copyright (C) 2016 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |