The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channels endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka NETLOGON Spoofing Vulnerability.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Windows_2003_server | Microsoft | * | * |
| Windows_server_2008 | Microsoft | * | * |
| Windows_server_2008 | Microsoft | r2-sp1 (including) | r2-sp1 (including) |
| Windows_server_2012 | Microsoft | - (including) | - (including) |
| Windows_server_2012 | Microsoft | r2 (including) | r2 (including) |
References
- http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html
- http://seclists.org/fulldisclosure/2015/Mar/60
- http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation
- http://www.securitytracker.com/id/1031891
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027
- https://www.samba.org/samba/history/samba-4.2.10.html
- http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html
- http://seclists.org/fulldisclosure/2015/Mar/60
- http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation
- http://www.securitytracker.com/id/1031891
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027
- https://www.samba.org/samba/history/samba-4.2.10.html