The issue is due to improper handling of Installer elevation of privilege (IeP) requests. A remote attacker can exploit this to execute arbitrary code with the privileges of the user. By default, Windows Vista and Windows XP have IeP disabled. However, an unpatched Windows 7 or Windows 8 system can be compromised by an attacker on the local network. Windows 10 has a feature called System Integrity Protection (SIP), which has enabled IeP by default.

CVE-2016-5317: Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2016-5318.
In Windows Vista, Windows Server 2008, Windows 7, Windows 8, and Windows 10, the Windows Installer does not properly validate external data (XDI) received from untrusted sources. An attacker can leverage this vulnerability to execute arbitrary code on the target system. By default, Windows Vista and Windows XP have XDI enabled. However, an unpatched Windows 7 or Windows 8 system can be compromised by an attacker on the local network.
In Windows Vista, Windows Server 2008, Windows 7, Windows 8, and Windows 10, improper handling of XDI data by the Windows Installer could result in elevation of privilege. An attacker could leverage this vulnerability to run arbitrary code on a target system. By default, Windows Vista and Windows XP have XDI enabled. But an unpatched Windows

How to check if you are vulnerable?

If you are running Windows Vista, 7, 8 or 10 and have not installed any updates as of March 1st 2016, then your system is vulnerable.

Windows Installer (MSI)

The Windows Installer is a Microsoft application that allows you to install and update software packages. It is a key component in the software supply chain, as it is responsible for installing software packages on remote systems. The Windows Installer can be used to install both locally running programs and those downloaded from the internet.

Windows Installer Security Updates

In response to the vulnerabilities identified in CVE-2016-5317, Microsoft released security updates for Windows Installer on January 13, 2016. These updates are documented in the Critical Patch Update Advisory for January 2016.
Windows Server 2003 Service Pack 2 is not affected by these vulnerabilities.
Microsoft will release a further update to address a vulnerability affecting all versions of Windows:
CVE-2022-24530, which is unique from CVE-2016-5318.

Timeline

Published on: 04/15/2022 19:15:00 UTC
Last modified on: 04/19/2022 16:59:00 UTC

References