MS16-130 Microsoft Security Bulletin MS16-130: Security Update for Microsoft Windows
2016-11-08 This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.
Vulnerabilities addressed in this bulletin:
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Windows IME Elevation of Privilege Vulnerability
- An elevation of privilege vulnerability exists in Windows Input Method Editor (IME) when Windows Input Method Editor (IME) improperly handles DLL loading.
CVE-2016-7221 - Task Scheduler Elevation of Privilege Vulnerability
- This security update addresses an elevation of privilege vulnerability in the Windows Task Scheduler. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.
CVE-2016-7222 - Windows Remote Code Execution Vulnerability
- Remote Code Execution vulnerability exists when Windows image file loading functionality does not properly handle malformed image files, which could allow an attacker to execute arbitrary code.
CVE-2016-7212
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka "Windows Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
92.16%
Published
2016-11-10
Updated
2018-10-12
Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.05%
Published
2016-11-10
Updated
2018-10-12
Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-11-10
Updated
2018-10-12