CVE-2009-3677

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description The issue concerns the Internet Authentication Service (IAS) not properly verifying credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request. This allows remote attackers to access network resources via a malformed request. An elevation of privilege vulnerability exists where an attacker could send a specially crafted Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) authentication request to obtain access to network resources under the privileges of a specific, authorized user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.