Endpoint Vulnerability

Microsoft: Windows Permissions Enforcement Elevation of Privilege Vulnerability

Description

An elevation of privilege vulnerability exists in the way that Windows enforces permissions if an attacker loads a specially crafted DLL. A locally authenticated attacker who successfully exploited this vulnerability could run arbitrary code as a system administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, an attacker would need to create and implement a malicious DLL and already be able to execute code on the target system. The security update addresses the vulnerability by correcting how Windows enforces permissions.

Affected Products

Windows 10

References

CVE-2016-3346