CVE-2016-0070 Microsoft Windows Security Update for Windows Registry (MS16-124)

2016年10月12日 100309点热度 0人点赞 0条评论

漏洞类别：Windows

漏洞等级：

漏洞信息

Multiple elevation of privilege vulnerabilities exist in Microsoft Windows when a Windows kernel API improperly allows a user to access sensitive registry information.

Microsoft released a security update to correct how the kernel API restricts access to this information.

This security update is rated Important for all supported releases of Microsoft Windows.

漏洞危害

The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

解决方案

Customers are advised to refer to MS16-124 for more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

MS16-124: Windows Vista Service Pack 2

MS16-124: Windows Vista x64 Edition Service Pack 2

MS16-124: Windows Server 2008 for 32-bit Systems Service Pack 2

MS16-124: Windows Server 2008 for x64-based Systems Service Pack 2

MS16-124: Windows Server 2008 for Itanium-based Systems Service Pack 2

MS16-124: Windows 7 for 32-bit Systems Service Pack 1

MS16-124: Windows 7 for x64-based Systems Service Pack 1

MS16-124: Windows Server 2008 R2 for x64-based Systems Service Pack 1

MS16-124: Windows Server 2008 R2 for Itanium-based Systems Service Pack 1