Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0317

Overview

Vulnerability Score 5.4 5.4
CVE Id CVE-2014-0317
Last Modified 12 Mar 2014 05:43:58
Published 12 Mar 2014 01:15:19
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2014-0317

Summary

The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 R2

  • Microsoft Windows Server 2012 -

  • Microsoft Windows Server 2012 R2

  • Microsoft Windows Vista

  • Microsoft Windows Xp

  • Microsoft Windows Xp -


References

MS - MS14-016

Related Patches

MS14-016 Security Update for Windows Server 2008 (KB2923392)

MS14-016 Security Update for Windows Vista (KB2923392)

MS14-016 Security Update for Windows Server 2003 (KB2923392)

MS14-016 Security Update for Windows Server 2003 (KB2933528)

MS14-016 Security Update for Windows XP (KB2933528)

MS14-016 Security Update for Windows Server 2008 x64 (KB2923392)

MS14-016 Security Update for Windows Vista x64 (KB2923392)

MS14-016 Security Update for Windows Server 2003 x64 (KB2923392)

MS14-016 Security Update for Windows Server 2003 x64 (KB2933528)


Last Updated: 27 May 2016 11:04:38