Executive Summary
Summary | |
---|---|
Title | Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass |
Information | |||
---|---|---|---|
Name | KB2862152 | First vendor Publication | 2013-11-12 |
Vendor | Microsoft | Last vendor Modification | 2014-02-28 |
Severity (Vendor) | N/A | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how server connections are authenticated to clients in either DirectAccess or IPsec site-to-site tunnels. An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials. Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.

Recommendation. Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. Please see the Suggested Actions section of this advisory for more information.

For more information about this vulnerability, see the following references:

This advisory discusses the following software.

What is the scope of the advisory? What might an attacker use the vulnerability to do? How could an attacker exploit the vulnerability? Will Microsoft issue any further update to address this vulnerability? What does the update do? What additional guidance must customers follow in order to be protected from the vulnerability?

Apply the update for affected releases of Microsoft Windows

The majority of customers have automatic updating enabled and will not need to take any action because the 2862152 update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install the 2862152 update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information on how to manually apply the update, see Microsoft Knowledge Base Article 2862152.

Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. See Microsoft Knowledge Base Article 2862152 for detailed guidance.

We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. For more information, see Microsoft Safety & Security Center.

Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.
Original Source
Url : http://www.microsoft.com/technet/security/advisory/2862152.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:26746 | |||
Oval ID: | oval:org.mitre.oval:def:26746 | ||
Title: | Allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate | ||
Description: | DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3876 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 3 | |
Os | 2 | |
Os | 2 | |
Os | 2 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-11-13 | Name : The remote host is affected by a security feature bypass vulnerability. File : smb_kb2862152.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-28 21:19:33 | |
2014-02-17 11:38:42 | |
2013-11-19 00:22:23 | |
2013-11-18 13:23:05 | |
2013-11-12 21:19:24 | |