MS16-111 Security Update for Windows Kernel
2016-09-13
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system.
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Windows Session Object Elevation of Privilege Vulnerability (CVE-2016-3305)
  A Windows session object elevation of privilege vulnerability exists in the way that Windows handles session objects.
- Windows Session Object Elevation of Privilege Vulnerability (CVE-2016-3306)
  A Windows session object elevation of privilege vulnerability exists in the way that Windows handles session objects.
- Windows Kernel Elevation of Privilege Vulnerability (CVE-2016-3371)
  An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions.
- Windows Kernel Elevation of Privilege Vulnerability (CVE-2016-3372)
  An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions.
- Windows Kernel Elevation of Privilege Vulnerability (CVE-2016-3373)
  An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information.
Related CVE Entries
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3306.
Max CVSS: 7.8; EPSS Score: 0.05%; Published: 2016-09-14; Updated: 2019-05-15
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3305.
Max CVSS: 7.8; EPSS Score: 0.05%; Published: 2016-09-14; Updated: 2019-05-15
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain sensitive information via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
Max CVSS: 5.5; EPSS Score: 0.38%; Published: 2016-09-14; Updated: 2018-10-12
The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
Max CVSS: 6.6; EPSS Score: 0.08%; Published: 2016-09-14; Updated: 2018-10-12
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly implement registry access control, which allows local users to obtain sensitive account information via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
Max CVSS: 5.5; EPSS Score: 0.26%; Published: 2016-09-14; Updated: 2018-10-12