MS16-067: Security Update for Volume Manager Driver (3155784)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by an information disclosure
vulnerability.

Description :

The remote Windows host is missing a security update. It is,
therefore, affected by an information disclosure vulnerability due to
a failure to correctly tie the session of the mounting user to the USB
disk being mounted. This issue occurs when the USB disk is mounted
over the Remote Desktop Protocol (RDP) via RemoteFX. An attacker can
exploit this to access the file and directory information on the
mounted USB disk.

See also :

https://technet.microsoft.com/library/security/MS16-067

Solution :

Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,
and 2012 R2.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 91016 ()

Bugtraq ID: 90075

CVE ID: CVE-2016-0190

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now