Security Thoughts: Vulnerability in Active Directory could allow denial of service (MS16-081, KB3160352, CVE-2016-3226)

Yesterday, Microsoft released update 3160352 as part of its June 2016 Patch Tuesday to address an important vulnerability in Active Directory that could allow denial of service. This security update is rated Important for all supported editions of Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

About the vulnerability

The vulnerability, detected by Ondrej Sevecek of GOPAS and described in CVE-2016-3226, could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability, an attacker must have an account that has privileges to join machines to the domain.

An attacker who successfully exploited this vulnerability could cause the Active Directory service to become non-responsive.

About the update

The security update addresses the vulnerability by correcting how machine accounts are created.

This security update is rated Important for all supported editions of Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

Affected Operating Systems

The following supported Microsoft Windows Server Operating System versions, in both Full Installations and Server Core Installations, are affected by this vulnerability:

  • Windows Server 2012 R2 Datacenter
  • Windows Server 2012 R2 Standard
  • Windows Server 2012 R2 Essentials
  • Windows Server 2012 R2 Foundation
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Standard
  • Windows Server 2012 Essentials
  • Windows Server 2012 Foundation
  • Windows Server 2008 R2 Service Pack 1

KB3160352 addresses the vulnerability on the affected Operating Systems.

This security update is rated Important for all supported releases of Microsoft Windows.
A system restart is required after you apply this security update.

Mitigating factors

To exploit this vulnerability, an attacker must have an account that has privileges to join machines to the domain. If an attacker cannot join new machines to the domain, the vulnerability cannot be exploited.
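Because the precondition is the ability to create machine accounts, it is worth knowing which principals create them and how quickly. The following PowerShell is an added example, not code from Microsoft or from the original post: the function name `Find-MachineAccountBurst`, the threshold and the time window are assumptions to tune per environment, and the sample objects are constructed so the function runs without a domain. Accounts that carry no `mS-DS-CreatorSID` value are skipped.

```powershell
# Added example: flag principals that created many machine accounts in a short time.
# Live input (requires the RSAT ActiveDirectory module):
#   Get-ADComputer -Filter * -Properties whenCreated,'mS-DS-CreatorSID' | Find-MachineAccountBurst
# Patch check on a Domain Controller:
#   Get-HotFix -Id KB3160352
function Find-MachineAccountBurst {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object[]] $Computer,
        [int] $Threshold = 5,               # assumed alert threshold
        [timespan] $Window = '01:00:00'     # assumed sliding window
    )
    begin { $all = New-Object 'System.Collections.Generic.List[object]' }
    process {
        # Keep only accounts that record who created them.
        foreach ($c in $Computer) { if ($c.'mS-DS-CreatorSID') { $all.Add($c) } }
    }
    end {
        foreach ($g in $all | Group-Object { [string]$_.'mS-DS-CreatorSID' }) {
            $times = @($g.Group | ForEach-Object { [datetime]$_.whenCreated } | Sort-Object)
            $best = 0
            # Largest number of creations by this principal inside any one window.
            for ($i = 0; $i -lt $times.Count; $i++) {
                $j = $i
                while ($j -lt $times.Count -and ($times[$j] - $times[$i]) -le $Window) { $j++ }
                $best = [Math]::Max($best, $j - $i)
            }
            if ($best -ge $Threshold) {
                [pscustomobject]@{ CreatorSid = $g.Name; Total = $g.Count; MaxInWindow = $best }
            }
        }
    }
}

# Constructed sample data (names and SIDs are made up).
$t0 = [datetime]'2016-06-15T09:00:00'
$sample = 0..6 | ForEach-Object {
    [pscustomobject]@{
        Name = "WS$_"; whenCreated = $t0.AddMinutes($_ * 2)
        'mS-DS-CreatorSID' = 'S-1-5-21-1111111111-2222222222-3333333333-1105'
    }
}
$sample += [pscustomobject]@{
    Name = 'WS-OK'; whenCreated = $t0
    'mS-DS-CreatorSID' = 'S-1-5-21-1111111111-2222222222-3333333333-1106'
}
$sample | Find-MachineAccountBurst
```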

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

Call to action

I urge you to install KB3160352 on Domain Controllers in a test environment as soon as possible, assess the risk and possible impact on your production environment, and then roll out this update to Domain Controllers in the production environment.

Related KnowledgeBase articles

3160352 MS16-081: Security Update for Active Directory: June 14, 2016
