Description:
A vulnerability was identified in Microsoft Windows Kernel. A local user can obtain elevated privileges on the target system when invoking a specially crafted system call.
Affected Systems:
Impact:
A successful attack could lead to elevation of privilege and remote code execution.
Recommendation:
Microsoft Security Bulletin MS16-135 was released to address the vulnerability found in Windows Kernel. The patches are available from Microsoft Update website at:
http://update.microsoft.com/microsoftupdate
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
More Information:
https://technet.microsoft.com/library/security/MS16-135
https://www.hkcert.org/my_url/en/alert/16110201
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
http://securitytracker.com/id/1037155
http://www.govcert.gov.hk/en/A16-11-03.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7214