CVE-2016-0087

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Windows Vista SP2 Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1

Description The issue is related to insufficient validation of handles in the Windows operating system. This could allow a local attacker to elevate their privileges using a specially crafted application. An attacker who successfully exploits the issue could run arbitrary code as System, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. To exploit the issue, an attacker would first have to log on to the system.

Recommendations For Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive system resources to minimize the risk of exploitation. Avoid using the system with elevated privileges until the issue is resolved.