Microsoft published MS16-039 for all versions of Windows on April 12, 2016. MS16-039 addresses four vulnerabilities: one rated “critical” that allows Remote Code Execution, and three rated “important” that allow escalation of privilege. Two of the “important” vulnerabilities (CVE-2016-0165 and CVE-2016-0167) are under active attack.
In a typical scenario an attacker would use a first vulnerability (for example in Adobe Flash, see APSB16-10) to get access to the system and then use CVE-2016-0165 or CVE-2016-0167 to gain administrator privileges on the targeted system. The attacker would then proceed to install their working toolset on the machine, consisting of multiple backdoors and Remote Access Tools (RATs) plus further scanning and exploitation tools.
Our Real-time Threat Indicator (RTI) for QID: 91204 is set to: ActivelyAttacked