CVE-2015-2472

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1

Description A spoofing issue exists due to improper certificate validation during authentication. This allows attackers to impersonate client sessions.

Recommendations For Microsoft Windows Vista SP2, update to a version that properly verifies certificates. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a version that properly verifies certificates. For Microsoft Windows 7 SP1, update to a version that properly verifies certificates. For Microsoft Windows 8, update to a version that properly verifies certificates. For Microsoft Windows 8.1, update to a version that properly verifies certificates. For Microsoft Windows Server 2012 Gold and R2, update to a version that properly verifies certificates. For Microsoft Windows RT Gold and 8.1, update to a version that properly verifies certificates.