MS16-056: Security Update for Windows Journal (3156761)
High Nessus Plugin ID 91006
SynopsisThe remote Windows host is affected by a remote code execution vulnerability.
DescriptionThe remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Windows Journal due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to open a specially crafted Journal file, resulting in the execution of arbitrary code in the context of the current user.
SolutionMicrosoft has released a set of patches for Windows Vista, 7, 8.1, RT 8.1, and 10. Alternatively, apply the workaround referenced in the vendor advisory.