Elevation of Privilege Vulnerability in Microsoft Windows Server Products
CVE-2015-2374

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2003 Server; Windows Server 2008; Windows Server 2012
Vendor: CVE Published:; 14 July 2015

Summary

The Netlogon service in specific versions of Microsoft Windows Server fails to properly secure domain-controller communications. This inadequacy permits remote attackers to exploit vulnerabilities related to Primary Domain Controller (PDC) access and to spoof the Backup Domain Controller (BDC) role during PDC communication. Successful exploitation can lead to the unauthorized disclosure of credentials, allowing attackers to gain elevated privileges and potentially compromise the integrity and security of the network.

References

http://www.securityfocus.com/bid/75633

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1032900

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

Timeline

Vulnerability published
Jul 14, 2015
Vulnerability Reserved
Mar 19, 2015