Symantec product detections for Microsoft monthly Security Advisories - January 2016

Article ID: 162801

Products

Endpoint Protection

Issue/Introduction

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.

Resolution

ID and Rating
CAN/CVE ID: CVE-2016-0002
BID: 79894
Microsoft ID: MS16-001
MSKB: KB3124903
Microsoft Rating: Critical
Vulnerability Type
Cumulative Security Update for Internet Explorer
Remote Code Execution (RCE)
Vulnerability Affects
Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7.0 Microsoft VBScript 5.7 Microsoft VBScript 5.8 Microsoft JScript 5.7
Details
A remote code execution vulnerability exists in the way that the VBScript engine renders when handling objects in memory in Internet Explorer.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security: 
[SCSPBP1] Generic Windows Interactive Protection
ID and Rating
CAN/CVE ID: CVE-2016-0003
BID: 79893
Microsoft ID: MS16-002
MSKB: KB3124904
Microsoft Rating: Critical
Vulnerability Type
Cumulative Security Update for Microsoft Edge
Remote Code Execution (RCE)
Vulnerability Affects
Microsoft Edge
Details
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: Under review
Other Detections AV: N/A
Data Center Security: 
[SCSPBP1] Generic Windows Interactive Protection
ID and Rating
CAN/CVE ID: CVE-2016-0024
BID: 79891
Microsoft ID: MS16-002
MSKB: KB3124904
Microsoft Rating: Critical
Vulnerability Type
Cumulative Security Update for Microsoft Edge
Remote Code Execution (RCE)
Vulnerability Affects
Microsoft Edge
Details
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge.
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: Under review
Other Detections AV: Under review
Data Center Security: N/A
ID and Rating
CAN/CVE ID: CVE-2016-0002
BID: 79894
Microsoft ID: MS16-003
MSKB: KB3125540
Microsoft Rating: Critical
Vulnerability Type
Cumulative Security Update for JScript and VBScript to Address Remote Code Execution
Remote Code Execution (RCE)
Vulnerability Affects
Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7.0 Microsoft VBScript 5.7 Microsoft VBScript 5.8 Microsoft JScript 5.7
Details
A remote code execution vulnerability exists in the way that the VBScript engine renders when handling objects in memory in Internet Explorer.
Intrusion Protection System (IPS) Response Sig ID: Under review
Other Detections AV: Under review
Data Center Security: 
[SCSPBP1] Generic Windows Interactive Protection
ID and Rating
CAN/CVE ID: CVE-2016-0010
BID: 80029
Microsoft ID: MS16-004
MSKB: KB3124585
Microsoft Rating: Critical
Vulnerability Type
Security Update for Microsoft Office to Address Remote Code Execution
Remote Code Execution (RCE)
Vulnerability Affects
Microsoft Office 2007 SP3 Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Excel for Mac 2011 Microsoft PowerPoint for Mac 2011 Microsoft Word for Mac 2011 Microsoft Excel 2016 for Mac Microsoft PowerPoint 2016 for Mac Microsoft Word 2016 for Mac Microsoft Word Viewer
Details
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.
An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security: 
[SCSPBP1] Generic Windows Interactive Protection
ID and Rating
CAN/CVE ID: CVE-2016-0009
BID: 79887
Microsoft ID: MS16-005
MSKB: KB3124584
Microsoft Rating: Critical
Vulnerability Type
Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution
Remote Code Execution (RCE)
Vulnerability Affects
Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8 for x64-based Systems Microsoft Windows Vista Service Pack 2 Microsoft Windows 8 for 32-bit Systems Microsoft Windows Vista x64 Edition Service Pack 2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows RT Microsoft Windows RT 8.1 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows Server 2008 for Itanium-based Systems SP2
Details
A remote code execution vulnerability exists in the way that Windows handles objects in memory.
An attacker who successfully exploited this vulnerability could run arbitrary code on a target system.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security: N/A
ID and Rating
CAN/CVE ID: CVE-2016-0034
BID: 79881
Microsoft ID: MS16-006
MSKB: KB3126036
Microsoft Rating: Critical
Vulnerability Type
Security Update for Silverlight to Address Remote Code Execution
Remote Code Execution (RCE)
Vulnerability Affects
Microsoft Silverlight 5.0 Microsoft Silverlight 5 Developer Runtime
Details
A remote code execution vulnerability exists when Microsoft Silverlight incorrectly handles certain open and close requests that can result in read- and write-access violations.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security: 
[SCSPBP1] Generic Windows Interactive Protection
ID and Rating
CAN/CVE ID: CVE-2016-0005
BID: 79892
Microsoft ID: MS16-001
MSKB: KB3124903
Microsoft Rating: Important
Vulnerability Type
Cumulative Security Update for Internet Explorer
Elevation of Privilege (EOP)
Vulnerability Affects
Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11
Details
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.
The update addresses the vulnerability by helping to ensure that cross-domain policies are properly enforced in Internet Explorer.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security: 
[SCSPBP1] Generic Windows Interactive Protection
ID and Rating
CAN/CVE ID: CVE-2016-0011
BID: 80030
Microsoft ID: MS16-004
MSKB: KB3124585
Microsoft Rating: Important
Vulnerability Type
Security Update for Microsoft Office to Address Remote Code Execution
Security Feature Bypass
Vulnerability Affects
Microsoft SharePoint Foundation 2013 SP1
Details
A security feature bypass exists when Microsoft Office fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack.
Intrusion Protection System (IPS) Response Sig ID: Under review
Other Detections AV: Under review
Data Center Security: N/A
ID and Rating
CAN/CVE ID: CVE-2016-0012
BID: 80031
Microsoft ID: MS16-004
MSKB: KB3124585
Microsoft Rating: Important
Vulnerability Type
Security Update for Microsoft Office to Address Remote Code Execution
Security Feature Bypass
Vulnerability Affects
Microsoft Office 2007 SP3 Microsoft Excel 2007 SP3 Microsoft PowerPoint 2007 SP3 Microsoft Visio 2007 SP3 Microsoft Word 2007 SP3 Microsoft Office 2010 (32-bit edition) SP2 Microsoft Office 2010 (64-bit edition) SP2 Microsoft Excel 2010 SP2 (32-bit editions) Microsoft Excel 2010 SP2 (64-bit editions) Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) Microsoft Visio 2010 Service Pack 2 (32-bit editions) Microsoft Visio 2010 Service Pack 2 (64-bit editions) Microsoft Word 2010 Service Pack 2 (32-bit editions) Microsoft Word 2010 Service Pack 2 (64-bit editions) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions) Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions) Microsoft Visio 2013 Service Pack 1 (32-bit editions) Microsoft Visio 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft PowerPoint 2013 RT Service Pack 1 Microsoft Word 2013 RT Service Pack 1 Microsoft Office 2016 (32-bit edition) Microsoft Excel 2016 (32-bit editions) Microsoft Excel 2016 (64-bit editions) Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft Visio 2016 (32-bit edition) Microsoft Visio 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition)
Details
A security feature bypass exists when Microsoft Office fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security: 
[SCSPBP1] Generic Windows Interactive Protection
ID and Rating
CAN/CVE ID: CVE-2016-0035
BID: 80028
Microsoft ID: MS16-004
MSKB: KB3124585
Microsoft Rating: Important
Vulnerability Type
Security Update for Microsoft Office to Address Remote Code Execution
Remote Code Execution (RCE)
Vulnerability Affects
Microsoft Excel 2007 SP3 Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016 (32-bit editions) Microsoft Excel 2016 (64-bit editions) Microsoft Excel for Mac 2011 Microsoft Excel 2016 for Mac Microsoft Office Compatibility Pack Service Pack 3 Microsoft Excel Viewer
Details
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory.
An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security: 
[SCSPBP1] Generic Windows Interactive Protection
ID and Rating
CAN/CVE ID: CVE-2016-6117
BID: 80030
Microsoft ID: MS16-004
MSKB: KB3124585
Microsoft Rating: Important
Vulnerability Type
Security Update for Microsoft Office to Address Remote Code Execution
Security Feature Bypass
Vulnerability Affects
Microsoft SharePoint Foundation 2013 SP1
Details
A security feature bypass exists in Microsoft SharePoint when Access Control Policy (ACP) configuration settings are not enforced correctly.
Intrusion Protection System (IPS) Response Sig ID: Under review
Other Detections AV: Under review
Data Center Security: N/A
ID and Rating
CAN/CVE ID: CVE-2016-0008
BID: 79885
Microsoft ID: MS16-005
MSKB: KB3124584
Microsoft Rating: Important
Vulnerability Type
Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution
Security Feature Bypass
Vulnerability Affects
Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows 8 for 32-bit Systems Microsoft Windows 8 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows RT Microsoft Windows RT 8.1 Microsoft Windows Vista x64 Edition Service Pack 2 Microsoft Windows Vista Service Pack 2 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2
Details
A security feature bypass vulnerability exists in the way that the Windows graphics device interface handles objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security: N/A
ID and Rating
CAN/CVE ID: CVE-2016-0014 
BID: 79896
Microsoft ID: MS16-007
MSKB: KB3124901
Microsoft Rating: Important
Vulnerability Type
Security Update for Microsoft Windows to Address Remote Code Execution
Elevation of Privilege (EOP)
Vulnerability Affects
Microsoft Windows Vista Service Pack 2 Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows 8 for 32-bit Systems Microsoft Windows 8 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows RT Microsoft Windows RT 8.1 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems
Details
An elevation of privilege vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files.
An attacker who successfully exploited the vulnerability could elevate their privileges on a targeted system.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security: 
[SCSPBP1] Generic Windows Interactive Protection
[SCSPBP5] Specific Windows Service Protection
ID and Rating
CAN/CVE ID: CVE-2016-0015
BID: 79900
Microsoft ID: MS16-007
MSKB: KB3124901
Microsoft Rating: Important
Vulnerability Type
Security Update for Microsoft Windows to Address Remote Code Execution
Remote Code Execution (RCE)
Vulnerability Affects
Microsoft Windows Vista Service Pack 2 Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows 8 for 32-bit Systems Microsoft Windows 8 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems
Details
A remote code execution vulnerability exists when DirectShow improperly validates user input.
An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. 
If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: Under review
Data Center Security:
[SCSPBP1] Generic Windows Interactive Protection
[SCSPBP5] Specific Windows Service Protection
ID and Rating
CAN/CVE ID: CVE-2016-0016
BID: 79902
Microsoft ID: MS16-007
MSKB: KB3124901
Microsoft Rating: Important
Vulnerability Type
Security Update for Microsoft Windows to Address Remote Code Execution
Remote Code Execution (RCE)
Vulnerability Affects
Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows 8 for 32-bit Systems Microsoft Windows 8 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows RT Microsoft Windows RT 8.1 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems
Details
A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files.
An attacker who successfully exploited this vulnerability could take complete control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security:
[SCSPBP1] Generic Windows Interactive Protection
[SCSPBP5] Specific Windows Service Protection
ID and Rating
CAN/CVE ID: CVE-2016-0018
BID: 79906
Microsoft ID: MS16-007
MSKB: KB3124901
Microsoft Rating: Important
Vulnerability Type
Security Update for Microsoft Windows to Address Remote Code Execution
Remote Code Execution (RCE)
Vulnerability Affects
Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 8 for 32-bit Systems Microsoft Windows 8 for x64-based Systems Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows Server 2012 R2 Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems
Details
A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Intrusion Protection System (IPS) Response Sig ID: Under review
Other Detections AV: N/A
Data Center Security:
[SCSPBP1] Generic Windows Interactive Protection
[SCSPBP5] Specific Windows Service Protection
ID and Rating
CAN/CVE ID: CVE-2016-0019
BID: 79908
Microsoft ID: MS16-007
MSKB: KB3124901
Microsoft Rating: Important
Vulnerability Type
Security Update for Microsoft Windows to Address Remote Code Execution
Security Feature Bypass
Vulnerability Affects
Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems
Details
A security feature bypass vulnerability exists in Windows Remote Desktop Protocol (RDP) that is caused when Windows 10 hosts running RDP services fail to prevent remote logon to accounts that have no passwords set.
An attacker who successfully exploited this vulnerability could gain access to the remote host as another user, possibly with elevated privileges.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security: N/A
ID and Rating
CAN/CVE ID: CVE-2016-0020
BID: 79909
Microsoft ID: MS16-007
MSKB: KB3124901
Microsoft Rating: Important
Vulnerability Type
Security Update for Microsoft Windows to Address Remote Code Execution
Elevation of Privilege (EOP)
Vulnerability Affects
Microsoft Windows Vista Service Pack 2 Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Details
An elevation of privilege vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files.
An attacker who successfully exploited the vulnerability could elevate their privileges on a targeted system.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security:
[SCSPBP1] Generic Windows Interactive Protection
[SCSPBP5] Specific Windows Service Protection
ID and Rating
CAN/CVE ID: CVE-2016-0006
BID: 79882
Microsoft ID: MS16-008
MSKB: KB3124605
Microsoft Rating: Important
Vulnerability Type
Security Update for Kernel to Address Elevation of Privilege
Elevation of Privilege (EOP)
Vulnerability Affects
Microsoft Windows Vista SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 8 for 32-bit Systems Microsoft Windows Server 2012 Microsoft Windows Vista x64 Edition Service Pack 2 Microsoft Windows RT Microsoft Windows RT 8.1 Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems
Details
A vulnerability exists when Windows improperly handles a TOCTOU condition while validating junctions in certain scenarios in which mount points are being created.
An attacker who successfully exploited the vulnerability could run arbitrary code in the security context of the local system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security: N/A
ID and Rating 
CAN/CVE ID: CVE-2016-0007
BID: 79898
Microsoft ID: MS16-008
MSKB: KB3124605
Microsoft Rating: Important
Vulnerability Type
Security Update for Kernel to Address Elevation of Privilege
Elevation of Privilege (EOP)
Vulnerability Affects
Microsoft Windows Vista SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 for 32-bit Systems Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8 for x64-based Systems Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 8 for 32-bit Systems Microsoft Windows Server 2012 Microsoft Windows Vista x64 Edition Service Pack 2 Microsoft Windows RT Microsoft Windows RT 8.1 Microsoft Windows 10 version 1511 for 32-bit Systems Microsoft Windows 10 version 1511 for x64-based Systems
Details
A vulnerability exists when Windows improperly handles a TOCTOU condition while validating junctions in certain scenarios in which mount points are being created. 
An attacker who successfully exploited the vulnerability could run arbitrary code in the security context of the local system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Data Center Security: N/A