CVE-2015-2535

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows Server 2012 Gold and R2

Description The issue is related to errors in the code of the Active Directory service in Windows. It allows a remote authenticated user to cause a denial of service by creating multiple machine accounts. This can lead to the Active Directory service becoming non-responsive. An attacker must have valid credentials to exploit this issue.

Recommendations For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a version that includes the fix for this issue. For Microsoft Windows Server 2012 Gold and R2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the ability to create machine accounts in the Active Directory to minimize the risk of exploitation.