This advisory discusses the following software.

[1]Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.

[2]The vulnerability discussed in this bulletin affects Windows Server 2016 Technical Preview 5. To be protected from the vulnerability, Microsoft recommends that customers running this operating system apply the current update, which is available from Windows Update.

What is the scope of the advisory?
The purpose of this advisory is to inform customers of blacklisted publicly released versions of securekernel.exe for all supported editions of Windows 10, Windows 10 Version 1511, and Windows Server 2016 Technical Preview 5.

Is this a security vulnerability that requires Microsoft to issue a security update?
Yes. This update is included in the Latest Cumulative Update (LCU) for each of the affected systems in this advisory. Installing the update ensures for customers that none of the vulnerable securekernel.exe files remain on these systems, and that a good securekernel.exe is installed on them.

What is the cause of the problem with the blacklisted publicly released versions of securekernel.exe?
An information disclosure vulnerability exists when Windows Secure Kernel Mode improperly handles objects in memory. A locally-authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system.

To exploit this vulnerability, an attacker could run a specially crafted application on the target system. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system.

The securekernel.exe update described in this advisory is part of the update to address the information disclosure vulnerability in MS16-089, Security Update for Windows Secure Kernel Mode (3170050), that was released on July 12, 2016. That update addresses the information disclosure vulnerability by correcting how Windows Secure Kernel Mode handles objects in memory. The update also ensures that only a good securekernel.exe is installed on the systems described in this advisory.

• Ensure that computers running these operating systems only have the current version of securekernel.exe installed

  The majority of customers have automatic updating enabled and do not need to take any action because the update is downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

Additional Suggested Actions

• Protect your PC

  We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. For more information, see Microsoft Safety & Security Center.

• Keep Microsoft Software Updated

  Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.

Microsoft Active Protections Program (MAPP)

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.

Feedback

• You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.

Support

• Customers in the United States and Canada can receive technical support from Security Support. For more information, see Microsoft Help and Support.
• International customers can receive support from their local Microsoft subsidiaries. For more information, see International Support.
• Microsoft TechNet Security provides additional information about security in Microsoft products.

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

• V1.0 (August 9, 2016): Advisory published.