PT-2016-1043 · Microsoft · Windows 7+3
Ashutosh Mehra
·
Published
2016-01-12
·
Updated
2018-10-12
·
CVE-2016-0020
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to the fixed version
Windows Vista SP2
Windows Server 2008 SP2 and R2 SP1
Windows 7 SP1
Description
The issue is related to the mishandling of DLL loading, allowing local users to gain privileges via a crafted application. This is due to errors in loading libraries. The exploitation of this issue can enable a local attacker to elevate their privileges using a specially crafted application. To exploit, an attacker must first log on to the target system.
Recommendations
For Windows Vista SP2, update to a version that includes the fix for this issue.
For Windows Server 2008 SP2 and R2 SP1, update to a version that includes the fix for this issue.
For Windows 7 SP1, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the loading of DLL files to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows 7
Windows Server 2008
Windows Vista