Vulnerability Protection

Vulnerability in WIndows DirectShow Could Allow Information Disclosure

Details

Report ID:

MS20170316

Date Published:

15 March 2017

Date Revised:

Criticality:

Important

Compromise Type:

Information disclosure

Compromise From:

Remote

Affected Product/Component:

Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT 8.1
Windows 10
Windows Server 2016

Summary

A vulnerability in WIndows DirectShow could be exploited by an attacker to obtain sensitive information to further compromise a target system. 

Detailed Description

Microsoft has released a security update to address an information disclosure vulnerability in Windows DirectShow. The vulnerability was caused by improper handling of objects in memory, and can be exploited to obtain information that could be used to further compromise a target system. This issue has been fixed in the latest security update by correcting the way Windows DirectShow handles objects in memory.

CVE Reference

CVE-2017-0042

Solution

Install the latest security patch for applicable system, available for download from https://technet.microsoft.com/en-us/library/security/MS17-021

Source

Microsoft Security Bulletin MS17-021