|
|
|||
| Rule General Information |
|---|
| Release Date: | 2016-09-13 | |
| Rule Name: | Microsoft Windows Information Disclosure Vulnerability (CVE-2016-3352) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via a brute-force attack on NTLM password hashes. | |
| Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
| Affected OS: | Windows | |
| Reference: | MicrosoftSecurityBulletin:MS16-110 SecurityFocusBID:92852 |
|
| Solutions |
|---|
| Microsoft has released a patch MS16-110 to eliminate the vulnerability. The patch can be downloaded at http://technet.microsoft.com/security/bulletin/MS16-110 |