CVE-2015-0005

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows Server 2012 Gold and R2

Description A spoofing issue exists in the NETLOGON service, allowing remote attackers to spoof the computer name of a secure channel's endpoint and obtain sensitive session information by running a crafted application and leveraging the ability to sniff network traffic. This issue arises when the Netlogon service improperly establishes a secure communications channel belonging to a different machine with a spoofed computer name. To exploit this, an attacker must first be logged on to a domain-joined system and be able to observe network traffic, then run a specially crafted application to establish a secure channel connection belonging to a different computer, potentially using the established secure channel to obtain session-related information for the actual secure channel of the spoofed computer.

Recommendations For Microsoft Windows Server 2003 SP2, update to a version that includes the fix for the NETLOGON Spoofing Vulnerability. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a version that includes the fix for the NETLOGON Spoofing Vulnerability. For Microsoft Windows Server 2012 Gold and R2, update to a version that includes the fix for the NETLOGON Spoofing Vulnerability. As a temporary workaround, consider restricting access to the NETLOGON service to minimize the risk of exploitation.