CVE-2016-0020

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Windows Vista SP2 Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1

Description The issue is related to the mishandling of DLL loading, allowing local users to gain privileges via a crafted application. This is due to errors in loading libraries. The exploitation of this issue can enable a local attacker to elevate their privileges using a specially crafted application. To exploit, an attacker must first log on to the target system.

Recommendations For Windows Vista SP2, update to a version that includes the fix for this issue. For Windows Server 2008 SP2 and R2 SP1, update to a version that includes the fix for this issue. For Windows 7 SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the loading of DLL files to minimize the risk of exploitation.