The vulnerability started to appear on the radar in June 2016 as it was used in "low-volume attacks primarily focused on targets in South Korea". A successful attack exploited a flaw in the Windows font library to elevate privileges, and to install a backdoor on target systems called Hankray.
Trojan Horse Exp.CVE-2016-7256.
Vulnerability details
Advisory: SB2016110906 - Multiple vulnerabilities in Microsoft Graphics Component
Vulnerable component: Windows
CVE-ID: CVE-2016-7256
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-119 - Memory corruption
Description:
A remote attacker can execute arbitrary code on the target system.
The vulnerability exists due to incorrect handling of objects in memory in Windows font library when processing Open Type fonts. A remote attacker can create a specially crafted font file and cause memory corruption.
Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on vulnerable system with privileges of the current user.
Note: this vulnerability is being actively exploited in the wild.
External links:
https://technet.microsoft.com/library/security/ms16-132
https://www.symantec.com/security_response/writeup.jsp?docid=2017-011706-2200-99
http://www.securityweek.com/microsoft-patches-windows-zero-day-exploited-russian-hackers
http://www.netsec.news/patch-tuesday-sees-68-microsoft-vulnerabilities-fixed/
https://www.ghacks.net/2017/01/18/microsoft-windows-10-hardening-against-0-day-exploits/
http://www.removesoft-tips.com/exp-cve-2016-7256-removal-guide-how-do-i-remove-exp-cve-2016-7256-com...
https://hotforsecurity.bitdefender.com/blog/if-youre-going-to-use-windows-it-makes-security-sense-to...
http://www.digitaltrends.com/computing/anniversary-update-shielded-against-two-exploits/
http://www.thewindowsclub.com/windows-10-mitigate-zero-day-exploits
http://windowsreport.com/microsoft-windows-10-zero-day-exploit/