==================================================================== CERT-Renater Note d'Information No. 2015/VULN173 _____________________________________________________________________ DATE : 09/09/2015 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Windows version Server 2008, Server 2012 running Active Directory. ====================================================================== KB3072595 https://technet.microsoft.com/en-us/library/security/MS15-096 ______________________________________________________________________ Microsoft Security Bulletin MS15-096 - Important: Vulnerability in Active Directory Service Could Allow Denial of Service (3072595) Bulletin Number: MS15-096 Bulletin Title: Vulnerability in Active Directory Service Could Allow Denial of Service Severity: Important KB Article: 3072595 Version: 1.0 Published Date: September 8, 2015 Executive Summary This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain. This security update is rated Important for all supported editions of Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. For more information, see the Affected Software section. Affected Software Windows Server 2008 Windows Server 2008 for 32-bit Systems Service Pack 2 (3072595) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 R2 Server Core installation option Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 (Server Core installation) Windows Server 2012 R2 (Server Core installation) Vulnerability Information Active Directory Denial of Service Vulnerability - CVE-2015-2535 A denial of service vulnerability exists in Active Directory when an authenticated attacker creates multiple machine accounts. An attacker who successfully exploited this vulnerability could cause the Active Directory service to become non-responsive. To exploit this vulnerability an attacker must have valid credentials. An attacker could exploit this vulnerability by creating multiple machine accounts, resulting in denial of service. The update addresses the vulnerability by correcting how machine accounts are created. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================