====================================================================
                          CERT-Renater

               Information Note No. 2016/VULN288
_____________________________________________________________________

DATE                 : 10/08/2016

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows versions Vista, Server 2008, 7, 8.1,
                       Server 2012, RT 8.1, 10 running Windows
                       Authentication Methods.

=====================================================================
KB3178465
https://technet.microsoft.com/en-us/library/security/MS16-101
____________________________________________________________________

Microsoft Security Bulletin MS16-101: Important

Security Update for Windows Authentication Methods (3178465)

Executive Summary

This security update resolves multiple vulnerabilities in Microsoft
Windows. The vulnerabilities could allow elevation of privilege if an
attacker runs a specially crafted application on a domain-joined system.

This security update is rated Important for all supported releases of
Microsoft Windows.

Affected Software

  Windows Vista
  Windows Server 2008
  Windows 7
  Windows Server 2008 R2
  Windows 8.1
  Windows Server 2012 [1]
  Windows Server 2012 R2
  Windows RT 8.1 [2]
  Windows 10 [3]
  Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
    installation)
  Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
    installation)
  Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server
    Core installation)
  Windows Server 2012 (Server Core installation)
  Windows Server 2012 R2 (Server Core installation)

[1] The Windows Server 2012 update, 3177108, includes the fixes for both
    CVE-2016-3300 and CVE-2016-3237. For this reason, no separate fix is
    being shipped for 3167679.

[2] This update is only available via Windows Update.

[3] Windows 10 updates are cumulative. The monthly security release
    includes all security fixes for vulnerabilities that affect
    Windows 10, in addition to non-security updates. The updates are
    available via the Microsoft Update Catalog.

Netlogon Elevation of Privilege Vulnerability - CVE-2016-3300

An elevation of privilege vulnerability exists when Windows Netlogon
improperly establishes a secure communications channel to a domain
controller. An attacker who successfully exploited the vulnerability
could run a specially crafted application on a domain-joined system. To
exploit the vulnerability, an attacker would require access to a
domain-joined machine that points to a domain controller running either
Windows Server 2012 or Windows Server 2012 R2.

The update addresses the vulnerability by modifying how Netlogon handles
the establishment of secure channels.

The following table contains links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability Title                            CVE number     Publicly disclosed  Exploited
NetLogon Elevation of Privilege Vulnerability  CVE-2016-3300  No                  No

Kerberos Elevation of Privilege Vulnerability - CVE-2016-3237

An elevation of privilege vulnerability exists in Windows when Kerberos
improperly handles a password change request and falls back to NT LAN
Manager (NTLM) Authentication Protocol as the default authentication
protocol. An attacker who successfully exploited this vulnerability
could use it to bypass Kerberos authentication.

To exploit this vulnerability, an attacker would have to be able to
launch a man-in-the-middle (MiTM) attack against the traffic passing
between a domain controller and the target machine.

The update addresses this vulnerability by preventing Kerberos from
falling back to NTLM as the default authentication protocol during a
domain account password change.

Vulnerability Title                            CVE number     Publicly disclosed  Exploited
Kerberos Elevation of Privilege Vulnerability  CVE-2016-3237  No                  No

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================