JSON View XML View

Key Value
MTID M116147
Title (MS16-149) Microsoft Windows Installer Privilege Escalation (3205655)
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw occurs in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. Successful exploitation could allow a local user to gain elevated privileges.
Recommendation The vendor has released an update to address this issue.

https://technet.microsoft.com/library/security/MS16-149

Superseded patch information:

The patches for the following products are superseded by patches provided in: MS17-001
- Cumulative Update for Windows 10 (KB3210720): KB3210720
- Cumulative Update for Windows 10 for x64-based Systems (KB3210720): KB3210720
- Cumulative Update for Windows 10 Version 1511 (KB3210721): KB3210721
- Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3210721): KB3210721

The patches for the following products are superseded by patches provided in: MS17-004
- Microsoft Windows Server 2008: KB3216775
- Microsoft Windows Server 2008 for x64-based Systems: KB3216775
- Microsoft Windows Vista: KB3216775
- Microsoft Windows Vista for x64-based Systems: KB3216775

https://technet.microsoft.com/library/security/MS17-001
https://technet.microsoft.com/library/security/MS17-004

Vendor Microsoft
Attack Vector Authenticated locally logged on user with limited privileges
Importance 5
Impact 10.00084536000
Threat Score 7.15
Labels
Patch Tuesday
References
CVECVE-2016-7292
MSFTBulletinMS16-149
MSFTQNumber3205655
DISA IAVA2016-A-0350
MTIDM116147
CPEs
cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium
cpe:/o:microsoft:windows_7::sp1:x64
cpe:/o:microsoft:windows_server_2008:r2:sp1:x64
cpe:/o:microsoft:windows_server_2008:-:sp2:itanium
cpe:/o:microsoft:windows_7::sp1:x86
cpe:/o:microsoft:windows_server_2012
cpe:/o:microsoft:windows_8.1
cpe:/o:microsoft:windows_8.1:::x64
cpe:/o:microsoft:windows_server_2012:r2
cpe:/o:microsoft:windows_rt:8.1
cpe:/o:microsoft:windows_10
cpe:/o:microsoft:windows_10:::x64
cpe:/o:microsoft:windows:10_version_1511:10_version_1511
cpe:/o:microsoft:windows:10_version_1511_x64:10_version_1511_x64
cpe:/a:microsoft:windows:10_version_1607
cpe:/a:microsoft:windows:10_version_1607::x64
cpe:/a:microsoft:windows_server:2016:x64
Created At 2016-12-13 00:00:00 UTC
Updated At 2017-02-16 15:09:53 UTC

Back