1. Home
  2. Data Center
  3. Cisco Vulnerability Spotlight: Windows 10 Remote Denial of Service

Cisco Vulnerability Spotlight: Windows 10 Remote Denial of Service

0
0

Talos is releasing an advisory for a remote denial of service attack vulnerability in Microsoft Windows 10 AHCACHE.SYS (TALOS-2016-0191 / CVE-2016-3369)

An attacker can craft a malicious portable executable file, which if accessed causes AHCACHE.SYS to attempt to access out of scope memory. This triggers a bugcheck in the Windows kernel causing the system to crash, denying service to the user. Although AHCACHE.SYS is the driver that handles local cache compatibility information, if the vulnerability is exploited the attacker is unable to execute code or elevate user privileges.
DETAILS

During a cache lookup, the ‘AslpFileQueryVersionString’ function is called along with other functions. This function reads the value of EDI from the resource variable (Var->wValueLength ) in the PE without performing any bounds checking. Since the attacker controls the PE content, the threat actor can supply a value that is too large which results in the program attempting to access unavailable memory which results in an access violation that causes whole system to crash

Read the entire article here, Vulnerability Spotlight: Windows 10 Remote Denial of Service

via the fine folks at Cisco Systems.

Categories:
Cisco Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected.

Featured Resources:

Related Articles:

| LATEST FEATURED RESOURCES

White Papers

‘All You Need to Know About Microsoft Windows Nano Server’ Veeam White Paper

Now updated for Windows Server 2016 GA release! You probably heard about Windows Nano Server already … but what is it exactly, and how do you get started with it? What value will it bring to your environment? Nano Server is a headless, 64-bit only deployment option for Windows Server 2016. Microsoft created this component specifically with […]

Downloads

Download Commvault VM Backup and Recovery: end-to-end VM backup, recovery and cloud management

Commvault’s ability to provide end-to-end VM backup, recovery and cloud management creates a significantly better way to build, protect and optimize VMs throughout their lifecycle. Our best-in-class software for VM backup, recovery and cloud management delivers a number of significant benefits, including: VM recovery with live recovery options; backup to and in the cloud; custom-fit […]

On-Demand Webinars

Architecting for today’s desktop environments – FSLogix On-Demand Webinar

October 19, 2017 Webinar with David Young, Solutions Architect and Product Champion, and Brandon Lee, Solutions Marketer. Video Recording of a live demo of FSLogix and an overview of the latest release of FSLogix Apps featuring Roaming XenApp Email Search and OneDrive App along with Skype for Business Global Address List and Device Based Licensing. […]

Latest Videos

Current State of EUC – E2EVC Video

Session from @E2EVC 2017 Orlando. For event information please visit www.e2evc.com/home. For slides, additional info etc please contact the presenter directly on Twitter. For best video and sound quality do visit the event! This video is from the fine folks at E2EVC Conference

Views All IT News on DABCC.com
Views All IT Videos on DABCC.com
Win a Tesla P100D

Visit Our Sponsors