Security Update for Microsoft Windows to Address Remote Code Execution (MS16-007)

ITS Advisory Number: 
2016-010
Date(s) Issued: 
Tuesday, January 12, 2016
Subject: 
Security Update for Microsoft Windows to Address Remote Code Execution (MS16-007)
Overview: 

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.

An attacker who successfully exploits this vulnerability could gain the same user rights as the current user and the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 Itanium-based Systems Service Pack 2
  • Windows Server 2008 R2 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 Itanium-based Systems Service Pack 1
  • Windows 8 for 32-bit Systems
  • Windows 8.1 for 32-bit Systems
  • Windows 8 for x64-based Systems
  • Windows 8.1 for x64-based Systems
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1
  • Server Core Installations for Windows Server 2008 32-bit Systems Service Pack 2
  • Server Core Installations for Windows Server 2008 64-bit Systems Service Pack 2
  • Server Core Installations for Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Server Core Installations for Windows Server 2012
  • Server Core Installations for Windows Server 2012 R2
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

Multiple remote code execution vulnerabilities exist when Windows improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

A remote code execution vulnerability exists when Microsoft DirectShow improperly validates user input. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Multiple elevation of privilege vulnerabilities exist when Windows improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited the vulnerabilities could elevate their privileges on a targeted system.

Actions: 
  • After appropriate testing, apply appropriate patches provided by Microsoft to vulnerable systems.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.