=====================================================================
                            CERT-Renater

                 Information Note No. 2014/VULN068
_____________________________________________________________________

DATE                 : 12/03/2014

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows version XP, Server 2003, Vista,
                       Server 2008, Server 2012 running Security
                       Account Manager Remote (SAMR) Protocol.

======================================================================
KB2934418
http://technet.microsoft.com/en-us/security/bulletin/ms14-016
______________________________________________________________________

Microsoft Security Bulletin MS14-016 - Important

Vulnerability in Security Account Manager Remote (SAMR) Protocol Could
Allow Security Feature Bypass (2934418)

Published Date: March 11, 2014

Version: 1.0

General Information

Executive Summary

This security update resolves one privately reported vulnerability in
Microsoft Windows. The vulnerability could allow security feature
bypass if an attacker makes multiple attempts to match passwords to a
username.

This security update is rated Important for all supported editions of
Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008,
Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

Affected Software

    Windows XP
    Windows Server 2003
    Windows Vista
    Windows Server 2008
    Windows Server 2008 R2
    Windows Server 2012 and Windows Server 2012 R2
    Server Core installation option

Vulnerability Information

SAMR Security Feature Bypass Vulnerability - CVE-2014-0317

A security feature bypass vulnerability exists when the Security
Account Manager Remote (SAMR) protocol incorrectly validates user
lockout state.

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax  : 01-53-94-20-41          +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================