Security Update for Windows Authentication Methods

description-logoDescription

These vulnerabilites have following impacts: Elevation of Privilege, Denial of Service. An attacker who successfully exploited Elevation of Privilege vulnerability would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control over an affected system. An attacker who successfully exploited Denial of Service vulnerability could cause affected system to become non-responsive.

Analysis

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. An attacker who successfully exploited this vulnerability could elevate their permissions from unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts. The attacker could subsequently attempt to elevate by locally executing a specially crafted application designed to manipulate NTLM password change requests.

affected-products-logoAffected Applications

Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows 10
Windows Server 2016