Microsoft Windows Kernel Local Elevation Of Privilege Vulnerability (CVE-2016-0079)

  Severity: CRITICAL

  DESCRIPTION

A local privilege escalation vulnerability was discovered within Microsoft Windows. It stems from the fact that a registry hive file will be opened in write mode if opening it in read mode fails. The log files created when a hive is opened in write mode are effectively owned by the system yet can also be modified by a user, and together these two behaviors allow normal users to overwrite critical system files. Successful exploitation of this issue may lead to local privilege escalation.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1007988