<< Back
CVE Number Vulnerability Product Severity Date
MS16-138 Security Update for Microsoft Virtual Hard Disk Driver (3199647) WindowsServer2016 Important 09-11-2016

Technical Information

Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.

Detailed Information on the risk:

Multiple elevation of privilege vulnerabilities exist when the Windows Virtual Hard Disk Driver fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerabilities could manipulate files in locations not intended to be available to the user.
To exploit the vulnerabilities, an attacker would need access to the local system and the ability to execute a specially crafted application on the system.
The security update addresses the vulnerabilities by correcting how the kernel API restricts access to these files.

Further information on this exploit is available at : MS16-138

WindowsServer2016forx64-basedSystems
WindowsServer2012R2(ServerCoreinstallation)
WindowsServer2012andWindowsServer2012R2
WindowsServer2012(ServerCoreinstallation)
WindowsRT8.1[1]
Windows8.1forx64-basedSystems
Windows8.1for32-bitSystems

Affected Software

WindowsServer2016forx64-basedSystems
WindowsServer2012R2(ServerCoreinstallation)
WindowsServer2012andWindowsServer2012R2
WindowsServer2012(ServerCoreinstallation)
WindowsRT8.1[1]
Windows8.1forx64-basedSystems
Windows8.1for32-bitSystems