漏洞信息
Multiple elevation of privilege vulnerabilities exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit these vulnerabilities, an attacker would first have to log on to the system.
The update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
This security update is rated Important for all supported releases of Windows.
漏洞危害
Successful exploitation could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
解决方案
Customers are advised to refer to MS16-098 for more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
MS16-098: Windows Vista Service Pack 2
MS16-098: Windows Vista x64 Edition Service Pack 2
MS16-098: Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-098: Windows Server 2008 for x64-based Systems Service Pack 2
MS16-098: Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-098: Windows 7 for 32-bit Systems Service Pack 1
MS16-098: Windows 7 for x64-based Systems Service Pack 1
MS16-098: Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-098: Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-098: Windows 8.1 for 32-bit Systems
MS16-098: Windows 8.1 for x64-based Systems
MS16-098: Windows Server 2012 R2
MS16-098: Windows 10 for 32-bit Systems
MS16-098: Windows 10 for x64-based Systems
MS16-098: Windows 10 Version 1511 for 32-bit Systems
MS16-098: Windows 10 Version 1511 for x64-based Systems
MS16-098: Windows 10 Version 1607 for 32-bit Systems
MS16-098: Windows 10 Version 1607 for x64-based Systems
原文来源:http://www.aqdog.com
www.0daybank.org
文章评论