MS16-039: Security Update for Microsoft Graphics Component (3148522)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The remote Windows host is missing a security update. It is,
therefore, affected by multiple vulnerabilities :

- Multiple elevation of privilege vulnerabilities exist in
the Windows kernel-mode driver due to a failure to
properly handle objects in memory. An attacker can
exploit these vulnerabilities to execute arbitrary code
in kernel mode. (CVE-2016-0143, CVE-2016-0165,
CVE-2016-0167)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An attacker can exploit this
vulnerability by convincing a user to open a file or
visit a website containing specially crafted embedded
fonts, resulting in the execution of arbitrary code in
the context of the current user. (CVE-2016-0145)

See also :

https://technet.microsoft.com/library/security/MS16-039

Solution :

Microsoft has released a set of patches for Windows Vista, 2008, 7,
2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft
has released a set of patches for Office 2007, Office 2010,
Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013, Live
Meeting 2007 Console, .NET framework 3.0 SP2, .NET framework 3.5, and
.NET framework 3.5.1.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 90433 ()

Bugtraq ID: 85896
85899
85900
85903

CVE ID: CVE-2016-0143
CVE-2016-0145
CVE-2016-0165
CVE-2016-0167

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now