Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass
Report ID: MS201403004
Date Published: March 11, 2014
Compromise Type: security-bypass
Compromise From: local-system
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003
A vulnerability in the way the Security Account Manager Remote (SAMR) protocol validates user lockout state may, if successfully exploited, cause this security feature to be bypassed.
The Security Account Manager Remote (SAMR) protocol allows management of a directory of groups and users. A vulnerability in the way the SAMR validates user lockout state may be exploited by an attacker to allow brute force attacks against user passwords.
To exploit this vulnerability, the attackers needs to have network connectivity to a domain controller and a username.
Install the latest security patch for applicable systems, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms14-016)