CVE-2016-3393 Microsoft Windows Graphics Component Security Update (MS16-120)

- A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory.

- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts.

- Multiple information disclosure vulnerabilities exist in the way that the Windows Graphics Device Interface (GDI) handles objects in memory.

- An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory.

- An elevation of privilege vulnerability exists in Windows when the Windows kernel fails to properly handle objects in memory.

This security update is rated Critical for all supported releases of Microsoft Windows. This security update is rated Important for affected editions of Microsoft Office 2007 and Microsoft Office 2010 affected editions of Skype for Business 2016, Microsoft Lync 2013, and Microsoft Lync 2010 affected editions of Microsoft .NET Framework affected editions of Silverlight.

Successful exploitation allows remote code execution.

Customers are advised to refer to Microsoft Advisory MS16-120 for more details pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

MS16-120