MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by an elevation of privilege
vulnerability.

Description :

The remote Windows host is affected by an elevation of privilege
vulnerability in the Security Account Manager (SAM) and Local Security
Authority (Domain Policy) (LSAD) protocols due to improper
authentication level negotiation over Remote Procedure Call (RPC)
channels. A man-in-the-middle attacker able to intercept
communications between a client and a server hosting a SAM database
can exploit this to force the authentication level to downgrade,
allowing the attacker to impersonate an authenticated user and access
the SAM database.

See also :

https://technet.microsoft.com/library/security/MS16-047
http://badlock.org/

Solution :

Microsoft has released a set of patches for Windows Vista, 2008, 7,
2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 90510 ()

Bugtraq ID: 86002

CVE ID: CVE-2016-0128

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now