Denial of service vulnerability in network policy server radius implementation - MS15-007ID: oval:org.secpod.oval:def:23108 | Date: (C)2015-01-14 (M)2021-06-02 |
Class: PATCH | Family: windows |
The host is missing an important security update according to Microsoft security bulletin, MS15-007. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle specially crafted username strings. Successful exploitation could allow attackers to send specially crafted username strings to an Internet Authentication Service (IAS) or Network Policy Server (NPS), causing a denial of service condition for RADIUS authentication on the IAS or NPS.
Platform: |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |