Microsoft Active Directory Account Creation Bug Lets Remote Authenticated Users Deny Service
|
SecurityTracker Alert ID: 1036108 |
SecurityTracker URL: http://securitytracker.com/id/1036108
|
CVE Reference:
CVE-2016-3226
(Links to External Site)
|
Date: Jun 14 2016
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Microsoft Active Directory. A remote authenticated user can cause denial of service conditions on the target system.
A remote authenticated user can create multiple machine accounts to cause the target Active Directory service to become unresponsive.
Ondrej Sevecek of GOPAS reported this vulnerability.
|
Impact:
A remote authenticated user can the target Active Directory service to become unresponsive.
|
Solution:
The vendor has issued a fix.
Windows Server 2008 R2 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=e04e1a84-9848-4721-a312-87d317772d94
Windows Server 2012:
https://www.microsoft.com/downloads/details.aspx?familyid=46aebb45-05d3-40be-8ace-93d2b40f2090
Windows Server 2012 R2:
https://www.microsoft.com/downloads/details.aspx?familyid=68f2762d-8f2b-45b3-bdcf-4b34fdc0c2bf
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation):
https://www.microsoft.com/downloads/details.aspx?familyid=e04e1a84-9848-4721-a312-87d317772d94
Windows Server 2012 (Server Core installation):
https://www.microsoft.com/downloads/details.aspx?familyid=46aebb45-05d3-40be-8ace-93d2b40f2090
Windows Server 2012 R2 (Server Core installation):
https://www.microsoft.com/downloads/details.aspx?familyid=68f2762d-8f2b-45b3-bdcf-4b34fdc0c2bf
The Microsoft advisory is available at:
https://technet.microsoft.com/library/security/ms16-081
|
Vendor URL: technet.microsoft.com/library/security/ms16-081 (Links to External Site)
|
Cause:
Resource error
|
Underlying OS: Windows (2008), Windows (2012)
|
Underlying OS Comments: 2008 R2, 2012, 2012 R2
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|