Executive Summary

Summary
TitleSecurity Update for Microsoft Windows to Address Remote Code Execution (3124901)
Informations
NameMS16-007First vendor Publication2016-01-12
VendorMicrosoftLast vendor Modification2016-01-27
Severity (Vendor) ImportantRevision1.1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Important
Revision Note: V1.1 (January 27, 2016): 1) Added an Update FAQ to explain that only certain versions of aepic.dll are affected by CVE-2016-0018; therefore, some customers will not be offered update 3121461. 2) Added an Update FAQ to explain why some customers are not being offered update 3109560. These are informational change only. Customers who have already successfully installed the updates do not need to take any further action.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS16-007

CWE : Common Weakness Enumeration

%idName
60 %CWE-426Untrusted Search Path
20 %CWE-254Security Features
20 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Os6
Os4
Os1
Os1
Os1
Os1
Os4
Os2
Os1

Snort® IPS/IDS

DateDescription
2016-03-14Microsoft Windows devenum.dll device moniker underflow attempt
RuleID : 37278 - Revision : 2 - Type : OS-WINDOWS
2016-03-14Microsoft Windows devenum.dll device moniker underflow attempt
RuleID : 37277 - Revision : 2 - Type : OS-WINDOWS
2016-03-14Microsoft Windows request for feclient.dll over SMB attempt
RuleID : 37276 - Revision : 3 - Type : OS-WINDOWS
2016-03-14Microsoft Windows feclient.dll dll-load exploit attempt
RuleID : 37275 - Revision : 3 - Type : OS-WINDOWS
2016-03-14Microsoft Office api-ms-win-core-winrt-l1-1-0.dll dll-load exploit attempt
RuleID : 37264 - Revision : 3 - Type : FILE-OFFICE
2016-03-14Microsoft Office request for api-ms-win-core-winrt-l1-1-0.dll over SMB attempt
RuleID : 37263 - Revision : 3 - Type : FILE-OFFICE
2016-03-14Microsoft Office mfplat.dll dll-load exploit attempt
RuleID : 37262 - Revision : 3 - Type : FILE-OFFICE
2016-03-14Microsoft Office request for mfplat.dll over SMB attempt
RuleID : 37261 - Revision : 3 - Type : FILE-OFFICE
2016-03-14Microsoft Internet Explorer request for mapi32x.dll over SMB attempt
RuleID : 37258 - Revision : 3 - Type : BROWSER-IE
2016-03-14Microsoft Internet Explorer mapi32x.dll dll-load exploit attempt
RuleID : 37257 - Revision : 3 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

DateDescription
2016-01-13Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms16-007.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
DateInformations
2016-04-27 05:03:29
  • Multiple Updates
2016-02-19 21:28:48
  • Multiple Updates
2016-02-17 21:30:27
  • Multiple Updates
2016-02-16 17:28:34
  • Multiple Updates
2016-01-28 05:27:12
  • Multiple Updates
2016-01-28 05:16:23
  • Multiple Updates
2016-01-20 21:26:02
  • Multiple Updates
2016-01-14 17:28:17
  • Multiple Updates
2016-01-14 13:26:25
  • Multiple Updates
2016-01-13 09:25:26
  • Multiple Updates
2016-01-12 21:28:07
  • Multiple Updates
2016-01-12 21:17:11
  • First insertion