Microsoft Windows Kerberos Denial of Service Vulnerability

Summary

Microsoft Windows is prone to a remote denial-of-service vulnerability.

Credit:

The original article can be found at: http://technet.microsoft.com/en-us/security/bulletin/ms12-069


Details

Vulnerable Systems:
 * Microsoft Windows Server 2008 R2 x64 SP1 and prior

Successful exploits will cause the system to crash, resulting in a denial-of-service condition.

On October 09, 2012, Microsoft released Security Bulletin MS12-069 regarding a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote attacker sends a specially crafted session request to the Kerberos server. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected to the Internet expose a minimal number of ports.

A denial of service vulnerability exists when the Microsoft Kerberos implementation fails to properly handle a specially crafted session. An attacker who successfully exploited this vulnerability could cause the system to stop responding and restart. (CVE-2012-2551)

CVE Information:
CVE-2012-2551

Disclosure Timeline:
Published: Oct 11 2012 12:00AM
Updated: Oct 11 2012 12:00AM
