CVE-2016-0050

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows Server 2012 Gold Microsoft Windows Server 2012 R2

Description The issue is related to the Network Policy Server (NPS) component in Microsoft Windows Server, which misparses username queries. This allows remote attackers to cause a denial of service, specifically a RADIUS authentication outage, via crafted requests. The vulnerability exists due to insufficient input validation, enabling a remote attacker to exploit it using specially formed requests.

Recommendations For Microsoft Windows Server 2008 SP2, update to a version that includes the fix for this issue. For Microsoft Windows Server 2008 R2 SP1, update to a version that includes the fix for this issue. For Microsoft Windows Server 2012 Gold, update to a version that includes the fix for this issue. For Microsoft Windows Server 2012 R2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the NPS component to minimize the risk of exploitation.