Network Location Awareness Service Security Feature Bypass Vulnerability

Last Update Date: 15 Jan 2015 Release Date: 14 Jan 2015 3189 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

A security feature bypass vulnerability exists in the Network Location Awareness (NLA) service that could unintentionally relax the firewall policy and/or configuration of certain services. This could increase the surface exposed to an attacker. The vulnerability is caused when the NLA service fails to properly validate whether a domain-connected computer is connected to the domain or to an untrusted network. The update addresses the vulnerability by forcing mutual authentication via Kerberos.

Successful exploitation of this vulnerability requires that an attacker be connected to the same network as the victim’s computer, and that the attacker spoof responses to DNS and LDAP traffic initiated by the victim. The vulnerability could allow an attacker to apply a domain profile to a computer connected to an untrusted network. Client computers connected to untrusted networks are primarily at risk from this vulnerability.

Impact

  • Security Restriction Bypass

System / Technologies affected

  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8 and Windows 8.1
  • Windows Server 2012 and Windows Server 2012 R2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows Components Elevation of Privilege Vulnerability

14 Jan 2015 3089 Views

Next

Microsoft Windows Error Reporting Security Feature Bypass Vulnerability

14 Jan 2015 3164 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY