2016-11-08 This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Vulnerabilities addressed in this bulletin:
Win32k Information Disclosure Vulnerability
An Information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass.
CVE-2016-7214
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory.
CVE-2016-7215
Windows Bowser.sys Information Disclosure Vulnerabilty
An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory.
CVE-2016-7218
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory.
CVE-2016-7246
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory.
CVE-2016-7255

Bulletin details at Microsoft.com

Related CVE Entries

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka "Win32k Information Disclosure Vulnerability."
Max CVSS
3.3
EPSS Score
0.09%
Published
2016-11-10
Updated
2018-10-12
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.06%
Published
2016-11-10
Updated
2018-10-12
Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Bowser.sys Information Disclosure Vulnerability."
Max CVSS
4.7
EPSS Score
0.05%
Published
2016-11-10
Updated
2018-10-12
The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.06%
Published
2016-11-10
Updated
2018-10-12

CVE-2016-7255

Known exploited
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
0.64%
Published
2016-11-10
Updated
2018-10-12
CISA KEV Added
2021-11-03
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!