4.3 - MS15-027

Executive Summary

Summary
Title	Vulnerability in NETLOGON Could Allow Spoofing (3002657)

Informations
Name	MS15-027	First vendor Publication	2015-03-10
Vendor	Microsoft	Last vendor Modification	2015-03-16
Severity (Vendor)	Important	Revision	2.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Adjacent network
Cvss Impact Score	4.9	Attack Complexity	Medium
Cvss Expoit Score	5.5	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Important
Revision Note: V2.0 (March 16, 2015): To address a connectivity issue with update 3002657 when installed on supported editions of Windows Server 2003, Microsoft released update 3002657-v2 for all supported editions of Windows Server 2003. Customers who have not already installed the 3002657 update should install update 3002657-v2 to be fully protected from this vulnerability. To avoid the possibility of future detection logic problems, Microsoft recommends that customers running Windows Server 2003 who have already successfully installed the 3002657 update also apply update 3002657-v2 even though they are already protected from this vulnerability. Customers running other Microsoft operating systems are not affected by this rerelease and do not need to take any action. See Microsoft Knowledge Base Article 3002657 for more information.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker who is logged on to a domain-joined system runs a specially crafted application that could establish a connection with other domain-joined systems as the impersonated user or system. The attacker must be logged on to a domain-joined system and be able to observe network traffic.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS15-027

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-254	Security Features

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28863

Oval ID:	oval:org.mitre.oval:def:28863
Title:	NETLOGON spoofing vulnerability - CVE-2015-0005 (MS15-027)
Description:	The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2015-0005	Version:	3
Platform(s):	Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2003 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012	Product(s):
Definition Synopsis:
Server 2003 and vulnerable versions Server 2003 (x86/x64/ia64) Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 for Itanium is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Check if the version of netlogon.dll is less than 5.2.3790.5551 OR 2k8(x86/x64/ia64) and vulnerable file version 2K8 (x86/x64/ia64) Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Check for vulnerable versions Check if the version of netlogon.dll is less than 6.0.6002.19319 OR Check for LDR Check if the version of netlogon.dll is greater than or equal to 6.0.6002.23000 AND Check if the version of netlogon.dll is less than 6.0.6002.23629 OR R2 (x64 / ia64) and vulnerable file versions R2 (x64/ia64) Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for vulnerable versions Check if the version of netlogon.dll is less than 6.1.7601.18759 OR Check for LDR Check if the version of netlogon.dll is greater than or equal to 6.1.7601.22000 AND Check if the version of netlogon.dll is less than 6.1.7601.22966 OR Server 2012 and vulnerable file version Microsoft Windows Server 2012 (64-bit) is installed AND Check for vulnerable versions Check if the version of netlogon.dll is less than 6.2.9200.17273 OR Check for LDR Check if the version of netlogon.dll is greater than or equal to 6.2.9200.21000 AND Check if the version of netlogon.dll is less than 6.2.9200.21391 OR Server 2012 R2 and vulnerable file version Microsoft Windows Server 2012 R2 is installed AND Check if the version of netlogon.dll is less than 6.3.9600.17678

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*	1
Os	Microsoft Windows Server 2008 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::: cpe:2.3:o:microsoft:windows_server_2008::sp2::::::*	2
Os	Microsoft Windows Server 2012 cpe:2.3:o:microsoft:windows_server_2012:r2::::standard::: cpe:2.3:o:microsoft:windows_server_2012:r2::::essentials::: cpe:2.3:o:microsoft:windows_server_2012:r2::::datacenter::: cpe:2.3:o:microsoft:windows_server_2012:-:::::::*	4

Snort® IPS/IDS

Date	Description
2014-01-10	Telnet-based NTLM replay attack attempt RuleID : 15847 - Revision : 14 - Type : OS-WINDOWS
2014-01-10	SMB replay attempt via NTLMSSP - overlapping encryption keys detected RuleID : 15453 - Revision : 16 - Type : OS-WINDOWS
2014-01-10	Web-based NTLM replay attack attempt RuleID : 15124 - Revision : 17 - Type : OS-WINDOWS
2014-01-10	possible SMB replay attempt - overlapping encryption keys detected RuleID : 15009 - Revision : 22 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date	Description
2016-04-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3548.nasl - Type : ACT_GATHER_INFO
2015-03-10	Name : The remote Windows host is affected by a spoofing vulnerability. File : smb_nt_ms15-027.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2015-03-17 00:28:23	Multiple Updates
2015-03-17 00:15:51	Multiple Updates
2015-03-11 21:26:30	Multiple Updates
2015-03-11 17:26:21	Multiple Updates
2015-03-11 13:25:06	Multiple Updates
2015-03-10 21:27:53	Multiple Updates
2015-03-10 21:24:08	Multiple Updates
2015-03-10 21:17:23	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	7
Snort® Rule(s)	4
Nessus® Exploit(s)	2

	Related
10	MS15-067
10	MS15-034
10	MS15-002
9.3	MS15-134
9.3	MS15-131
9.3	MS15-130
9.3	MS15-129
9.3	MS15-128
9.3	MS15-127
9.3	MS15-126
9.3	MS15-125
9.3	MS15-124
9.3	MS15-116
9.3	MS15-115
9.3	MS15-114
9.3	MS15-113
9.3	MS15-112
9.3	MS15-110
9.3	MS15-109
9.3	MS15-108
9.3	MS15-106
9.3	MS15-101
9.3	MS15-100
9.3	MS15-099
9.3	MS15-098
9.3	MS15-097
9.3	MS15-095
9.3	MS15-094
9.3	MS15-093
9.3	MS15-092
9.3	MS15-091
9.3	MS15-090
9.3	MS15-082
9.3	MS15-081
9.3	MS15-080
9.3	MS15-079
9.3	MS15-078
9.3	MS15-070
9.3	MS15-066
9.3	MS15-065
9.3	MS15-060
9.3	MS15-059
9.3	MS15-057
9.3	MS15-056
9.3	MS15-049
9.3	MS15-048
9.3	MS15-046
9.3	MS15-045
9.3	MS15-044
9.3	MS15-043
9.3	MS15-035
9.3	MS15-033
9.3	MS15-032
9.3	MS15-022
9.3	MS15-021
9.3	MS15-020
9.3	MS15-019
9.3	MS15-018
9.3	MS15-012
9.3	MS15-009
9.3	MS15-004
9	MS15-083
8.5	MS15-058
8.3	MS15-011
7.8	MS15-030
7.8	MS15-007
7.2	MS15-135
7.2	MS15-133
7.2	MS15-132
7.2	MS15-119
7.2	MS15-117
7.2	MS15-111
7.2	MS15-102
7.2	MS15-085
7.2	MS15-077
7.2	MS15-076
7.2	MS15-073
7.2	MS15-072
7.2	MS15-068
7.2	MS15-061
7.2	MS15-051
7.2	MS15-038
7.2	MS15-037
7.2	MS15-025
7.2	MS15-023
7.2	MS15-015
7.2	MS15-010
7.2	MS15-003
7.2	MS15-001
6.9	MS15-074
6.9	MS15-069
6.9	MS15-063
6.9	MS15-050
6.9	MS15-017
6.8	MS15-120
6.8	MS15-064
6.1	MS15-005
6	MS15-047
5.8	MS15-121
5.8	MS15-040
5.4	MS10-101
5	MS15-107
5	MS15-103
5	MS15-075
5	MS15-055
5	MS15-026
4.9	MS15-122
4.7	MS15-008
4.6	MS15-052
4.3	MS15-123
4.3	MS15-118
4.3	MS15-104
4.3	MS15-088
4.3	MS15-087
4.3	MS15-086
4.3	MS15-084
4.3	MS15-062
4.3	MS15-053
4.3	MS15-039
4.3	MS15-036
4.3	MS15-031
4.3	MS15-029
4.3	MS15-024
4.3	MS15-016
4.3	MS15-013
4.3	CVE-2015-0005
4	MS15-096
3.3	MS15-071
3.3	MS15-014
2.6	MS15-089
2.6	MS15-041
2.1	MS15-042
2.1	MS15-028
1.9	MS15-105
1.9	MS15-054
1.9	MS15-006
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 136 more Alert(s)

4.3 - MS15-027

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU