SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Windows Network Policy Server RADIUS Username Processing Lets Remote Users Block RADIUS Authentication
SecurityTracker Alert ID:  1034986
SecurityTracker URL:  http://securitytracker.com/id/1034986
CVE Reference:   CVE-2016-0050   (Links to External Site)
Updated:  Feb 11 2016
Original Entry Date:  Feb 10 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2008 R2, 2012 R2
Description:   A vulnerability was reported in Microsoft Windows Network Policy Server. A remote user can block RADIUS authentication on the target system.

A remote user can send specially crafted username strings to the target Network Policy Server (NPS) to prevent Remote Authentication Dial-In User Service (RADIUS) authentication on the target NPS.

Impact:   A remote user can prevent RADIUS authentication on the target NPS system.
Solution:   The vendor has issued a fix.

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=3331e3e8-1a79-46dc-9b8a-e5981b75c7a7

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=c1aa1104-1c1b-4689-a8b3-56aa087a32e3

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=00f08a1e-ef30-49e9-bab4-9f6cdb0ceaa0

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=693c94e3-0f77-4208-9945-ae9887d00730

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=ddde305c-3260-4b57-9bc3-b78b1977993c

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=3331e3e8-1a79-46dc-9b8a-e5981b75c7a7

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=c1aa1104-1c1b-4689-a8b3-56aa087a32e3

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=00f08a1e-ef30-49e9-bab4-9f6cdb0ceaa0

Windows Server 2012 (Server Core installation):

https://www.microsoft.com/downloads/details.aspx?familyid=693c94e3-0f77-4208-9945-ae9887d00730

Windows Server 2012 R2 (Server Core installation):

https://www.microsoft.com/downloads/details.aspx?familyid=ddde305c-3260-4b57-9bc3-b78b1977993c

[Editor's note: On February 11, 2016 (UTC), the vendor updated their advisory to announce availability of update 3126041 for Microsoft Windows Vista, Windows Server 2008, Windows Server 2008 for Itanium-based Systems, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2.]

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms16-021

Vendor URL:  technet.microsoft.com/library/security/ms16-021 (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC