Microsoft · Windows Vista · CVE-2014-0317
**Name of the Vulnerable Software and Affected Versions**
Microsoft Windows XP versions SP2 through SP3
Microsoft Windows Server 2003 version SP2
Microsoft Windows Vista version SP2
Microsoft Windows Server 2008 versions SP2 through R2 SP1
Microsoft Windows Server 2012 versions Gold through R2
**Description**
The Security Account Manager Remote (SAMR) protocol implementation does not properly determine the user-lockout state. This makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack.
**Recommendations**
For Microsoft Windows XP versions SP2 through SP3, update the system to address the SAMR security feature bypass issue.
For Microsoft Windows Server 2003 version SP2, apply the necessary patch to fix the SAMR protocol implementation.
For Microsoft Windows Vista version SP2, install the latest security update to resolve the issue.
For Microsoft Windows Server 2008 versions SP2 through R2 SP1, apply the recommended hotfix to mitigate the vulnerability.
For Microsoft Windows Server 2012 versions Gold through R2, update the system with the latest security patches to address the SAMR security feature bypass issue.