Oval Definition:oval:org.cisecurity:def:866
Revision Date:2016-07-29Version:12
Title:Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability - CVE-2016-3236 (MS16-077)
Description:The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-3236
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):
Definition Synopsis
  • Microsoft Windows Vista/Server 2008 is installed + file version
  • Microsoft Windows Windows Vista/Server 2008 is installed
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND Check for file version
  • Check if netbt.sys version is less than 6.0.6002.19655
  • OR Check for Limited Distribution Release (LDR) file version
  • Check if netbt.sys version is greater than or equal to 6.0.6002.23000
  • AND Check if netbt.sys version is less than 6.0.6002.23970
  • OR Microsoft Windows 7/Server 2008 R2 is installed + file version
  • Microsoft Windows 7/Server 2008 R2 is installed
  • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows 7 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
  • AND Check if netbt.sys version is less than 6.1.7601.23451
  • OR Microsoft Windows 8.1/Server 2012 R2 is installed + file version
  • Microsoft Windows 8.1/Server 2012 R2 is installed
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND Check if netbt.sys version is less than 6.3.9600.18340
  • OR Microsoft Windows Server 2012 is installed + file version
  • Microsoft Windows Server 2012 is installed
  • Microsoft Windows Server 2012 (64-bit) is installed
  • AND Check if netbt.sys version is less than 6.2.9200.21859
  • OR Microsoft Windows 10 is installed + file version
  • Microsoft Windows 10 is installed
  • Microsoft Windows 10 (32-bit) is installed
  • OR Microsoft Windows 10 (64-bit) is installed
  • AND Check if netbt.sys version is less than 10.0.10240.16942
  • OR Microsoft Windows 10 Version 1511 is installed + file version
  • Microsoft Windows 10 Version 1511 is installed
  • Microsoft Windows 10 Version 1511 (32-bit) is installed
  • OR Microsoft Windows 10 Version 1511 (64-bit) is installed
  • AND Check if netbt.sys version is less than 10.0.10586.420
    • BACK