| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS16-138 | Security Update for Microsoft Virtual Hard Disk Driver (3199647) | WindowsServer2016 | Important | 09-11-2016 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.
Detailed Information on the risk:
Multiple elevation of privilege vulnerabilities exist when the Windows Virtual Hard Disk Driver fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerabilities could manipulate files in locations not intended to be available to the user.
To exploit the vulnerabilities, an attacker would need access to the local system and the ability to execute a specially crafted application on the system.
The security update addresses the vulnerabilities by correcting how the kernel API restricts access to these files.
WindowsServer2016forx64-basedSystemsTo exploit the vulnerabilities, an attacker would need access to the local system and the ability to execute a specially crafted application on the system.
The security update addresses the vulnerabilities by correcting how the kernel API restricts access to these files.
Further information on this exploit is available at : MS16-138
WindowsServer2012R2(ServerCoreinstallation)
WindowsServer2012andWindowsServer2012R2
WindowsServer2012(ServerCoreinstallation)
WindowsRT8.1[1]
Windows8.1forx64-basedSystems
Windows8.1for32-bitSystems
Affected Software
WindowsServer2016forx64-basedSystemsWindowsServer2012R2(ServerCoreinstallation)
WindowsServer2012andWindowsServer2012R2
WindowsServer2012(ServerCoreinstallation)
WindowsRT8.1[1]
Windows8.1forx64-basedSystems
Windows8.1for32-bitSystems