

Vulnerability protection

Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass


Report ID: MS201403004
Date Published: March 11, 2014

Criticality: Important
Compromise Type: security-bypass
Compromise From: local-system


Affected Product/Component:

Windows Vista
Windows XP
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003




Summary

A vulnerability in the way the Security Account Manager Remote (SAMR) protocol validates user lockout state may, if successfully exploited, allow the user lockout security feature to be bypassed.



Detailed Description

The Security Account Manager Remote (SAMR) protocol allows management of a directory of groups and users. A vulnerability in the way SAMR validates user lockout state may be exploited by an attacker to allow brute force attacks against user passwords.

To exploit this vulnerability, an attacker needs to have network connectivity to a domain controller and a username.



CVE Reference

CVE-2014-0317



Solution

Install the latest security patch for applicable systems, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms14-016



