CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS16-021 | Security Update for NPS RADIUS Server to Address Denial of Service (3133043) | Windows Server | Important | 10-02-2016 |
Technical Information
Brief overview of the risk:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS.
Detailed Information on the risk:
A denial of service vulnerability exists when a Network Policy Server (NPS) improperly handles a Remote Authentication Dial-In User Service (RADIUS) authentication request. An unauthenticated attacker who successfully exploited this vulnerability could send specially crafted username strings to the NPS, causing a denial of service condition for RADIUS authentication on the NPS.
Further information on this exploit is available at: MS16-021
Affected Software
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012
Windows Server 2012 R2