| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS16-067 | Security Update for Volume Manager Driver (3155784) | Windows 8.1 | Important | 11-05-2016 |
Technical Information
Brief overview of the risk:
The vulnerability could allow information disclosure if a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user.
Detailed Information on the risk:
An information disclosure vulnerability exists in Microsoft Windows when a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user. An attacker who successfully exploited this vulnerability could obtain access to file and directory information on the mounting userÆs USB disk. This update addresses the vulnerability by ensuring that access to USB disks over RDP is correctly enforced to prevent non-mounting session access.
Windows 8.1 for 32-bit Systems Further information on this exploit is available at : MS16-067
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1
Affected Software
Windows 8.1 for 32-bit SystemsWindows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1