JSON View XML View

Key Value
MTID M114458
Title (MS16-111) Microsoft Windows Kernel API User Permissions Privilege Escalation II (3186973)
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Kernel API component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
Recommendation The vendor has released an update to address this issue.

https://technet.microsoft.com/library/security/MS16-111

Superseded patch information:

The patches for the following products are superseded by patches provided in: MS16-142
- Cumulative Update for Windows 10 Version 1511 (KB3198586): KB3198586
- Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3198586): KB3198586
- November, 2016 Security Monthly Quality Rollup for Windows 7 (KB3197868): KB3197868
- November, 2016 Security Monthly Quality Rollup for Windows 7 for x64-based Systems ( (KB3197868): KB3197868
- November, 2016 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB3197868): KB3197868

The patches for the following products are superseded by patches provided in: MS16-139
- Microsoft Windows Server 2008: KB3198483
- Microsoft Windows Server 2008 x64 Edition: KB3198483
- Microsoft Windows Vista: KB3198483
- Microsoft Windows Vista for x64-based Systems: KB3198483

The patches for the following products are superseded by patches provided in: MS16-124
- WES09 and POSReady 2009: KB3191256

https://technet.microsoft.com/library/security/MS16-142
https://technet.microsoft.com/library/security/MS16-139
https://technet.microsoft.com/library/security/MS16-124

Vendor Microsoft
Attack Vector Authenticated locally logged on user with limited privileges
Importance 5
Impact 4.938243750
Threat Score 3.58
Labels
Patch Tuesday
References
CVECVE-2016-3372
MSFTBulletinMS16-111
MSFTQNumber3186973
DISA IAVA2016-A-0242
MTIDM114458
CPEs
cpe:/o:microsoft:windows_vista:sp2
cpe:/o:microsoft:windows_server_2008::sp2
cpe:/o:microsoft:windows_server_2008::sp2:x64
cpe:/o:microsoft:windows_vista::sp2:x64
cpe:/o:microsoft:windows_server_2008::sp2:itanium
Created At 2016-09-13 00:00:00 UTC
Updated At 2016-11-19 10:32:34 UTC

Back