PT-2016-2576 · Microsoft · Universal Outlook+2

Published

2016-08-09

Updated

2018-10-12

CVE-2016-3312

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Windows 10 versions Gold and 1511

Description The issue is related to the ActiveSyncProvider in Microsoft Windows, which fails to properly secure service data. This allows attackers to discover credentials by leveraging a failure of Universal Outlook to obtain a secure connection. The vulnerability can be exploited by a remote attacker to disclose accounts.

Recommendations For Microsoft Windows 10 versions Gold and 1511, update to a version that includes the fix for the Universal Outlook Information Disclosure issue. As a temporary workaround, consider restricting access to sensitive information until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2016-01968

CVE-2016-3312

Affected Products

Windows 10

Universal Outlook

Windows

PT-2016-2576 · Microsoft · Universal Outlook+2

CVE-2016-3312

Weakness Enumeration

Related Identifiers

Affected Products

References · 9