PT-2016-1231 · Microsoft · Windows Server 2012 R2+3

Published: 2016-02-09 · Updated: 2019-05-15 · CVE-2016-0044

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions 8.1
Windows Server versions 2012 R2
Windows RT versions 8.1

Description

The issue is related to insufficient input validation in the Sync Framework component, allowing remote attackers to cause a denial of service by sending specially crafted "change batch" data. This could lead to a SyncShareSvc service outage, preventing authenticated users from using the service. However, it does not allow an attacker to execute code or elevate their user rights.

Recommendations

For Microsoft Windows 8.1, consider restricting access to the SyncShareSvc service until a fix is available. For Windows Server 2012 R2, avoid using the Sync Framework component with untrusted input data. For Windows RT 8.1, as a temporary workaround, consider disabling the SyncShareSvc service to prevent potential exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2016-00492
CVE-2016-0044

Affected Products

Windows
Windows 8.1
Windows RT 8.1
Windows Server 2012 R2