Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0006

Overview

Vulnerability Score 6.1 6.1
CVE Id CVE-2015-0006
Last Modified 14 Jan 2015 04:28:28
Published 13 Jan 2015 05:59:03
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact NONE NONE
Access Vector ADJACENT_NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0006

Summary

The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka "NLA Security Feature Bypass Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 7 -

  • Microsoft Windows 8 -

  • Microsoft Windows 8.1 -

  • Microsoft Windows Rt 8.1 -

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008 -

  • Microsoft Windows Server 2008 R2

  • Microsoft Windows Server 2012 -

  • Microsoft Windows Server 2012 R2

  • Microsoft Windows Vista -


References

MS - MS15-005

Related Patches

MS15-005 Security Update for Windows Vista (KB3022777)

MS15-005 Security Update for Windows Server 2008 (KB3022777)

MS15-005 Security Update for Windows Server 2008 x64 (KB3022777)

MS15-005 Security Update for Windows Vista x64 (KB3022777)


Last Updated: 27 May 2016 11:07:32