Microsoft Windows Graphics Component Multiple Vulnerabilities
Last Update Date:
15 Jun 2016 17:43
Release Date:
15 Jun 2016
3184
Views
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
- Windows Graphics Component Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows Graphics Component (GDI32.dll) fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could cause an information disclosure to bypass the ASLR security feature that protects users from a broad class of vulnerabilities. - Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. - ATMFD.dll Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact
- Elevation of Privilege
- Information Disclosure
System / Technologies affected
- Microsoft Windows Vista
- Microsoft Windows 7
- Microsoft Windows Server 2008
- Microsoft Windows Server 2008 R2
- Microsoft Windows 8.1
- Microsoft Windows Server 2012 and Windows Server 2012 R2
- Microsoft Windows RT 8.1
- Microsoft Windows 10
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/en-us/library/security/MS16-074
Vulnerability Identifier
Source
Related Link
Share with