| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS15-007 | Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029) | Windows Server | Important | 14-01-2015 |
Technical Information
Brief overview of the risk:
The vulnerability could allow denial of service on an Internet Authentication Service (IAS) or Network Policy Server (NPS) if an attacker sends specially crafted username strings to the IAS or NPS. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights; however, it could prevent RADIUS authentication on the IAS or NPS.
Detailed Information on the risk:
An unauthenticated attacker who successfully exploited this vulnerability could send specially crafted username strings to an Internet Authentication Service (IAS) or Network Policy Server (NPS), causing a denial of service condition for RADIUS authentication on the IAS or NPS. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights; however, it could prevent RADIUS authentication on the IAS or NPS.
Further information on this exploit is available at : MS15-007
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2
Affected Software
Windows Server 2003 Service Pack 2Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
Windows Server 2012 R2