MS16-021: Security Update for NPS RADIUS Server to Address Denial of Service (3133043)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by a denial of service
vulnerability.

Description :

The remote Windows host is affected by a denial of service
vulnerability in the Network Policy Server (NPS) due to improper
handling of RADIUS authentication requests. An unauthenticated, remote
attacker can exploit this, via specially crafted username strings, to
cause a denial of service condition for RADIUS authentication on the
NPS.

See also :

https://technet.microsoft.com/library/security/MS16-021

Solution :

Microsoft has released a set of patches for Windows 2008, 2008 R2,
2012, and 2012 R2.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 88653 ()

Bugtraq ID: 82513

CVE ID: CVE-2016-0050

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now