Microsoft Windows IME CVE-2016-7221 Elevation of Privilege Vulnerability
Description
An elevation of privilege vulnerability exists in Microsoft Windows when Windows Input Method Editor (IME) improperly handles DLL loading. There is no impact without IME present. To exploit this vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses this vulnerability by correcting how Windows IME loads DLLs.
Affected Applications
Windows RT 8.1
Windows Vista x64 Edition Service Pack 2
Windows Server 2016
Windows Server 2012
Windows 8
Windows Server 2008
Windows 10
Windows 7
Windows Vista Service Pack 2