Vulnerability Description
Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 8.1 | All versions |
| Microsoft | Windows Rt 8.1 | All versions |
| Microsoft | Windows Server 2012 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/90075
- http://www.securitytracker.com/id/1035844
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-06
- http://www.securityfocus.com/bid/90075
- http://www.securitytracker.com/id/1035844
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-06
FAQ
What is CVE-2016-0190?
CVE-2016-0190 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a...
How severe is CVE-2016-0190?
CVE-2016-0190 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-0190?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 8.1, Microsoft Windows Rt 8.1, Microsoft Windows Server 2012.