CVE-2015-2374

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2003 SP2 and R2 SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows Server 2012 Gold and R2

Description The issue is related to the Netlogon service in Microsoft Windows Server, which does not properly implement domain-controller communication. This allows remote attackers to discover credentials by leveraging certain PDC access and spoofing the BDC role in a PDC communication channel. The vulnerability is caused by the service improperly establishing a secure communications channel to a primary domain controller (PDC). To exploit this vulnerability, an attacker would first need to have access to a PDC on a target network. The vulnerability may allow an attacker to gain access to user accounts due to errors in domain controller configuration.

Recommendations For Microsoft Windows Server 2003 SP2 and R2 SP2, update the Netlogon service to a patched version. For Microsoft Windows Server 2008 SP2 and R2 SP1, update the Netlogon service to a patched version. For Microsoft Windows Server 2012 Gold and R2, update the Netlogon service to a patched version. As a temporary workaround, consider restricting access to the primary domain controller (PDC) to minimize the risk of exploitation.