MS15-007: Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029)
Medium Nessus Plugin ID 80496
SynopsisThe remote Windows host is affected by a denial of service vulnerability.
DescriptionThe remote Windows host is affected by a denial of service vulnerability due to a failure to properly parse username queries on an Internet Authentication Service (IAS) or a Network Policy Server (NPS). A remote, unauthenticated attacker, using specially crafted username strings, can exploit this to prevent RADIUS authentication on the IAS or NPS server.
SolutionMicrosoft has released a set of patches for Windows 2003, 2008, 2008 R2, 2012, and 2012 R2.