[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Fri Dec 16 05:21:10 PST 2016


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 528	Published: Thu, 15 Dec 2016 19:59:01 GMT

New Fixlets:
============

***************************************************************
Title: VHD Driver Elevation of Privilege Vulnerability - CVE-2016-7224 (MS16-138)
Severity: Low
Fixlet ID: 149802
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1498
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7224
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

***************************************************************
Title: VHD Driver Elevation of Privilege Vulnerability - CVE-2016-7223 (MS16-138)
Severity: Low
Fixlet ID: 149902
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1499
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7223
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

***************************************************************
Title: VHD Driver Elevation of Privilege Vulnerability - CVE-2016-7225 (MS16-138)
Severity: Low
Fixlet ID: 150001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1500
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7225
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

***************************************************************
Title: VHD Driver Elevation of Privilege Vulnerability - CVE-2016-7226 (MS16-138)
Severity: Low
Fixlet ID: 150101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1501
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7226
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

***************************************************************
Title: SQL RDBMS Engine EoP vulnerability - CVE-2016-7254 (MS16-136)
Severity: Medium
Fixlet ID: 151302
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1513
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7254
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."

***************************************************************
Title: SQL Server Agent Elevation of Privilege Vulnerability - CVE-2016-7253 (MS16-136)
Severity: Medium
Fixlet ID: 151402
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1514
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7253
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."

***************************************************************
Title: Windows Kernel Elevation of Privilege Vulnerability - CVE-2016-7216 (MS16-139)
Severity: Low
Fixlet ID: 151601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1516
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7216
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

***************************************************************
Title: Secure Boot Component Vulnerability - CVE-2016-7247 (MS16-140)
Severity: Medium
Fixlet ID: 151702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1517
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7247
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability."


