CVE Number: MS16-137
Vulnerability: Security Update for Windows Authentication Methods (3199173)
Product: Windows Vista x64 Edition Service Pack 2
Severity: Important
Date: 09-11-2016

Technical Information

Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials.

Detailed Information on the risk:

An information disclosure vulnerability exists when Windows Virtual Secure Mode improperly handles objects in memory. A locally-authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system.
To exploit this vulnerability, an attacker could run a specially crafted application on the target system. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. The update addresses the vulnerability by correcting how Windows Virtual Secure Mode handles objects in memory.

Further information on this vulnerability is available at: MS16-137

Affected Software

Windows Vista x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Server 2016 for x64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1[1]
Windows 8.1 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems