Vulnerability Manager Plus

Windows NTLM Elevation of Privilege Vulnerability for Windows Server 2012 R2 (KB3197874)

Risk Information

Base Score

8.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

65.102%

CVE Information

Patch Details

Patch associated with this vulnerability is supported by ManageEngine.

Patch ID
21705

Patch Description
November, 2016 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB3197874)

References

http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/
http://packetstormsecurity.com/files/139991/Microsoft-Edge-JSON.parse-Information-Leak.html
http://packetstormsecurity.com/files/140468/Microsoft-Windows-Kernel-win32k.sys-NtSetWindowLongPtr-Privilege-Escalation.html
http://technet.microsoft.com/security/bulletin/MS16-129
http://technet.microsoft.com/security/bulletin/MS16-130
http://technet.microsoft.com/security/bulletin/MS16-132
http://technet.microsoft.com/security/bulletin/MS16-134
http://technet.microsoft.com/security/bulletin/MS16-135
http://technet.microsoft.com/security/bulletin/MS16-137
http://technet.microsoft.com/security/bulletin/MS16-138
http://technet.microsoft.com/security/bulletin/MS16-140
http://technet.microsoft.com/security/bulletin/MS16-142
http://www.securityfocus.com/archive/1/archive/1/539734/100/0/threaded
http://www.securityfocus.com/bid/93991
http://www.securityfocus.com/bid/93998
http://www.securityfocus.com/bid/94000
http://www.securityfocus.com/bid/94003
http://www.securityfocus.com/bid/94004
http://www.securityfocus.com/bid/94007
http://www.securityfocus.com/bid/94008
http://www.securityfocus.com/bid/94009
http://www.securityfocus.com/bid/94010
http://www.securityfocus.com/bid/94011
http://www.securityfocus.com/bid/94012
http://www.securityfocus.com/bid/94013
http://www.securityfocus.com/bid/94014
http://www.securityfocus.com/bid/94015
http://www.securityfocus.com/bid/94016
http://www.securityfocus.com/bid/94017
http://www.securityfocus.com/bid/94018
http://www.securityfocus.com/bid/94021
http://www.securityfocus.com/bid/94023
http://www.securityfocus.com/bid/94027
http://www.securityfocus.com/bid/94030
http://www.securityfocus.com/bid/94033
http://www.securityfocus.com/bid/94040
http://www.securityfocus.com/bid/94045
http://www.securityfocus.com/bid/94051
http://www.securityfocus.com/bid/94052
http://www.securityfocus.com/bid/94053
http://www.securityfocus.com/bid/94055
http://www.securityfocus.com/bid/94057
http://www.securityfocus.com/bid/94058
http://www.securityfocus.com/bid/94059
http://www.securityfocus.com/bid/94063
http://www.securityfocus.com/bid/94064
http://www.securityfocus.com/bid/94065
http://www.securityfocus.com/bid/94066
http://www.securityfocus.com/bid/94156
http://www.securitytracker.com/id/1037241
http://www.securitytracker.com/id/1037243
http://www.securitytracker.com/id/1037245
http://www.securitytracker.com/id/1037248
http://www.securitytracker.com/id/1037249
http://www.securitytracker.com/id/1037251
http://www.securitytracker.com/id/1037252
http://www.securitytracker.com/id/1037255
http://www.zerodayinitiative.com/advisories/ZDI-16-592
http://www.zerodayinitiative.com/advisories/ZDI-16-594
https://bugs.chromium.org/p/project-zero/issues/detail?id=952
https://github.com/mwrlabs/CVE-2016-7255
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05340049
https://securingtomorrow.mcafee.com/mcafee-labs/digging-windows-kernel-privilege-escalation-vulnerability-cve-2016-7255/
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
https://twitter.com/da5ch0/status/820161895269277696
https://www.exploit-db.com/exploits/40744/
https://www.exploit-db.com/exploits/40745/
https://www.exploit-db.com/exploits/40763/
https://www.exploit-db.com/exploits/40764/
https://www.exploit-db.com/exploits/40765/
https://www.exploit-db.com/exploits/40823/
https://www.exploit-db.com/exploits/40875/
https://www.exploit-db.com/exploits/41015/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7184
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7218
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7210
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7246
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7199
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-3334
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-3340
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7239
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7223
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7215
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-3343
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7221
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7238
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7227
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7255
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7195
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-3333
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7247
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-3332
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-3335
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-3342
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-0026
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7224
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7217
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7248