vulnerability
MS16-067: Security Update for Volume Manager Driver (3155784)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | May 10, 2016 | May 10, 2016 | Jun 26, 2020 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
May 10, 2016
Added
May 10, 2016
Modified
Jun 26, 2020
Description
An information disclosure vulnerability exists in Microsoft Windows when a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user. An attacker who successfully exploited this vulnerability could obtain access to file and directory information on the mounting userâs USB disk. This update addresses the vulnerability by ensuring that access to USB disks over RDP is correctly enforced to prevent non-mounting session access.
Solutions
WINDOWS-HOTFIX-MS16-067-1988531e-c23d-4ee7-9461-6fca037d7e32WINDOWS-HOTFIX-MS16-067-1f274a40-2a12-406e-b3df-b5ef13ffa353WINDOWS-HOTFIX-MS16-067-20d1a457-eca7-488d-a870-96d7374cb436WINDOWS-HOTFIX-MS16-067-3c2a8a09-806d-4fe0-a786-34bff45fc354WINDOWS-HOTFIX-MS16-067-4480cfce-5328-439b-801a-596b676f5597WINDOWS-HOTFIX-MS16-067-c25370f3-1d00-4ce8-be8c-381fbf754b40
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.