MS16-120: Security Update for Microsoft Graphics Component (3192884)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The remote Windows host is missing a security update. It is,
therefore, affected by multiple vulnerabilities :

- Multiple information disclosure vulnerabilities exist in
the Windows GDI component due to improper handling of
objects in memory. A local attacker can exploit these
vulnerabilities, via a specially crafted application, to
predict memory offsets in a call stack and bypass the
Address Space Layout Randomization (ASLR) feature,
resulting in the disclosure of memory contents.
(CVE-2016-3209, CVE-2016-3262, CVE-2016-3263)

- An elevation of privilege vulnerability exists in the
Windows kernel due to improper handling of objects in
memory. A local attacker can exploit this to elevate
privileges and execute code in kernel mode.
(CVE-2016-3270)

- A remote code execution vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this vulnerability by convincing a user to
visit a specially crafted website or open a specially
crafted file, resulting in the execution of arbitrary
code in the context of the current user. (CVE-2016-3393)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An unauthenticated, remote attacker
can exploit this vulnerability by convincing a user to
visit a specially crafted website or open a specially
crafted document file, resulting in the execution of
arbitrary code in the context of the current user.
(CVE-2016-3396)

- An elevation of privilege vulnerability exists in the
Windows GDI component due to improper handling of
objects in memory. A local attacker can exploit this to
elevate privileges and execute code in kernel mode.
(CVE-2016-7182)

See also :

https://technet.microsoft.com/library/security/MS16-120

Solution :

Microsoft has released a set of patches for Windows Vista, 2008, 7,
2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10. Additionally, Microsoft
has released a set of patches for Office 2007, Office 2010, Word
Viewer, Skype for Business 2016, Lync 2010, Lync 2013, Live Meeting
2007 Console, .NET Framework 3.0 SP2, .NET Framework 3.5, .NET
Framework 3.5.1, .NET Framework 4.5.2, .NET Framework 4.6, and
Silverlight 5.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 94017 ()

Bugtraq ID: 93377
93380
93385
93390
93394
93395
93403

CVE ID: CVE-2016-3209
CVE-2016-3262
CVE-2016-3263
CVE-2016-3270
CVE-2016-3393
CVE-2016-3396
CVE-2016-7182

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now