The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability alert CVE-2016-3237 CVE-2016-3300

Windows: two vulnerabilities of Authentication Method

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Windows.
Impacted systems: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity of this alert: 2/4.
Consequences of an intrusion: privileged access/rights, user access/rights.
Pirate's origin: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/08/2016.
Références of this alert: 3178465, CERTFR-2016-AVI-271, CVE-2016-3237, CVE-2016-3300, MS16-101, VIGILANCE-VUL-20351.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features via Netlogon, in order to escalate his privileges. [severity:2/4; CVE-2016-3300]

An attacker can bypass security features via Kerberos, in order to escalate his privileges. [severity:2/4; CVE-2016-3237]
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides computer vulnerability analysis. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.