Security Update for Windows Media to Address Remote Code Execution (MS16-027)

ITS Advisory Number: 
2016-043
Date(s) Issued: 
Tuesday, March 8, 2016
Subject: 
Security Update for Windows Media to Address Remote Code Execution (MS16-027)
Overview: 

Multiple vulnerabilities have been discovered in Microsoft Windows Media Parsing, which could allow remote code execution. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Microsoft Windows 7
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows 8.1 32-bit
  • Microsoft Windows 8.1 64-bit
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows RT 8.1
  • Microsoft Windows 10
Risk: 
Government: 
  • Large and medium government entities: High
  • Small government entities: High
Business: 
  • Large and medium business entities: High
  • Small business entities: High
Home Users: 
  • High
Description: 

Multiple vulnerabilities have been discovered in Windows Media Center. The details are as follows:

  • A vulnerability exists in Windows Media Center that could allow remote code execution if a user opens specially crafted media content that is hosted on a website. To exploit the vulnerabilities, an attacker could host media content on a website or send an attachment in an email and then convince a user to open it. [CVE-2016-0101]
  • A vulnerability exists in Windows Media Center that could allow remote code execution if a user opens specially crafted media content that is hosted on a website. To exploit the vulnerabilities, an attacker could host media content on a website or send an attachment in an email and then convince a user to open it. [CVE-2016-0098]

An attacker who successfully exploits these vulnerabilities could, at worst, take control of an affected system. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • After appropriate testing, apply appropriate patches provided by Microsoft to vulnerable systems immediately.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.