Oval Definition:	oval:org.cisecurity:def:940
Revision Date: 2016-08-12 Version: 9 Title: Windows Virtual PCI Information Disclosure Vulnerability - CVE-2016-3232 (MS16-073) Description: The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka "Windows Virtual PCI Information Disclosure Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2016-3232 Platform(s): Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Product(s): Definition Synopsis 2k12 + vulnerable file version Microsoft Windows Server 2012 is installed AND Check if the version of Vpcivsp.sys is less than 6.2.9200.21872 OR Win8.1/2k12 R2 + vulnerable file version Win8.1/2k12 R2 Microsoft Windows Server 2012 R2 is installed OR Microsoft Windows 8.1 is installed AND Check if the version of Vpcivsp.sys is less than 6.3.9600.18340
BACK