virus logo Intrusion Prevention

MS.Windows.ATMFD.DLL.Font.File.Handling.Privilege.Elevation

description-logoDescription

This indicates an attack attempt to exploit an Elevation of Privileges vulnerability in Microsoft Windows.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted application. A remote attacker may be able to exploit this to escalate their privileges on vulnerable systems.

affected-products-logoAffected Products

Windows Vista Service Pack 2 (3164033)
Windows Vista x64 Edition Service Pack 2 (3164033)
Windows Server 2008 for 32-bit Systems Service Pack 2 (3164033)
Windows Server 2008 for x64-based Systems Service Pack 2 (3164033)
Windows Server 2008 for Itanium-based Systems Service Pack 2 (3164033)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (3164033)
Windows 7 for 32-bit Systems Service Pack 1 (3164033)
Windows 7 for x64-based Systems Service Pack 1 (3164033)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (3164033)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (3164033)
Windows 8.1 for 32-bit Systems (3164033)
Windows 8.1 for x64-based Systems (3164033)
Windows Server 2012 (3164033)
Windows Server 2012 R2 (3164033)
Windows 10 for 32-bit Systems (3163017)
Windows 10 for x64-based Systems (3163017)
Windows 10 Version 1511 for 32-bit Systems (3163018)
Windows 10 Version 1511 for x64-based Systems (3163018)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (3164033)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (3164033)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (3164033)
Windows Server 2012 (Server Core installation) (3164033)
Windows Server 2012 R2 (Server Core installation) (3164033)

Impact logoImpact

Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
http://technet.microsoft.com/security/bulletin/MS16-074

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 42614
Created Jun 14, 2016
Updated Aug 30, 2016
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2016-3220
Exploit Prediction Score 62.4%
Default Action drop
Active
Affected OS Windows
Affected App Other