MS16-130  Microsoft Security Bulletin MS16-130: Security Update for Microsoft Windows

2016-11-08 This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.
Vulnerabilities addressed in this bulletin:
Windows IME Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) when Windows Input Method Editor (IME) improperly handles DLL loading.
CVE-2016-7221
Task Scheduler Elevation of Privilege Vulnerability
This security update addresses an elevation of privilege vulnerability in the Windows Task Scheduler. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.
CVE-2016-7222
Windows Remote Code Execution Vulnerability
Remote Code Execution vulnerability exists when Windows image file loading functionality does not properly handle malformed image files, which could allow an attacker to execute arbitrary code.
CVE-2016-7212

Bulletin details at Microsoft.com

Related CVE Entries

CVE-2016-7212

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka "Windows Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
92.16%
Published
2016-11-10
Updated
2018-10-12

CVE-2016-7221

Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.05%
Published
2016-11-10
Updated
2018-10-12

CVE-2016-7222

Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-11-10
Updated
2018-10-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close