CVE-2016-0142 Microsoft Video Control Remote Code Execution Vulnerability (MS16-122)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory.

This security update is rated Critical on the following client operating systems: Microsoft Windows Vista, Windows 7, Windows 8.1, Windows RT 8.1, and Windows 10.

An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

Customers are advised to refer to MS16-122 for more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

MS16-122: Windows Vista Service Pack 2

MS16-122: Windows Vista x64 Edition Service Pack 2

MS16-122: Windows 7 for 32-bit Systems Service Pack 1

MS16-122: Windows 7 for 32-bit Systems Service Pack 1

MS16-122: Windows 7 for x64-based Systems Service Pack 1

MS16-122: Windows 7 for x64-based Systems Service Pack 1

MS16-122: Windows 8.1 for 32-bit Systems

MS16-122: Windows 8.1 for 32-bit Systems

MS16-122: Windows 8.1 for x64-based Systems

MS16-122: Windows 8.1 for x64-based Systems

MS16-122: Windows 10 for 32-bit Systems

MS16-122: Windows 10 for x64-based Systems

MS16-122: Windows 10 Version 1511 for 32-bit Systems

MS16-122: Windows 10 Version 1511 for x64-based Systems

MS16-122: Windows 10 Version 1607 for 32-bit Systems

MS16-122: Windows 10 Version 1607 for x64-based Systems