Skip to main content

Microsoft Windows Internet Authentication Service Multiple Vulnerabilities( 09 December 2009 )

Last Update Date: 28 Jan 2011 Release Date: 9 Dec 2009 5266 Views

RISK: Medium Risk

1. Internet Authentication Service Memory Corruption Vulnerability

A remote code execution vulnerability exists in implementations of Protected Extensible Authentication Protocol (PEAP) on the Internet Authentication Service. The vulnerability is due to incorrect copying into memory of messages received by the server when handling PEAP authentication attempts. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

2. MS-CHAP Authentication Bypass Vulnerability

An elevation of privilege vulnerability exists in the Internet Authentication Service. An attacker could send a specially crafted Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) authentication request that could obtain access to network resources under the privileges of a specific, authorized user.