Yesterday, Microsoft released update 3167691 as part of its June 2016 Patch Tuesday to address an important vulnerability in Windows Server’s Netlogon functionality that could allow remote code execution on all supported Windows Server versions.
About the vulnerability
A vulnerability has been detected that could allow remote code execution if an attacker with access to a Windows Server Active Directory Domain Controller (DC) on a target network runs a specially crafted application to establish a secure channel to the Domain Controller as a replica Domain Controller.
About the update
The update addresses the vulnerability by modifying how Netlogon handles the establishment of secure channels.
Affected Operating Systems
All supported Microsoft Windows Server Operating System versions are affected by this vulnerability:
- Windows Server 2012 R2 Datacenter
- Windows Server 2012 R2 Standard
- Windows Server 2012 R2 Essentials
- Windows Server 2012 R2 Foundation
- Windows Server 2012 Datacenter
- Windows Server 2012 Standard
- Windows Server 2012 Essentials
- Windows Server 2012 Foundation
- Windows Server 2008 R2 Service Pack 1
- Windows Server 2008 Service Pack 2
KB3162343 addresses the vulnerability on Windows Server 2012 R2.
KB3161561 addresses the vulnerability on Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. KB3161561 is also denoted in MS16-075, due to the way fixes for vulnerabilities affecting particular products are consolidated. KB3161561 replaces KB3101246.
This security update is rated Important for all supported releases of Microsoft Windows.
A system restart is required after you apply this security update.
Microsoft has not identified any mitigating factors for this vulnerability.
Microsoft has not identified any workarounds for these vulnerabilities.
Call to action
Microsoft has not identified any mitigating factors or workarounds, so I urge you to install KB3162343 and/or KB3161561 on Domain Controllers in a test environment as soon as possible, assess the risk and possible impact on your production environment, and then roll out this update to Domain Controllers in the production environment.
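To track the rollout, the following PowerShell is an added example (not part of the original post and not Microsoft's code) that maps each Domain Controller's operating system to the KB named above and reports whether it is installed. It assumes the ActiveDirectory RSAT module and remote WMI access to each DC; the function names are hypothetical.

```powershell
# Added example: report which Domain Controllers lack the update named in this post.
# Assumptions: ActiveDirectory module is available; the account can query hotfixes remotely.
Import-Module ActiveDirectory

function Get-ExpectedNetlogonKB {
    param([Parameter(Mandatory = $true)][string]$OperatingSystem)
    # Mapping taken from the post:
    #   Windows Server 2012 R2             -> KB3162343
    #   Windows Server 2008, 2008 R2, 2012 -> KB3161561
    # 2012 R2 is tested first because its name also matches '2012'.
    if ($OperatingSystem -match '2012 R2')   { return 'KB3162343' }
    if ($OperatingSystem -match '2008|2012') { return 'KB3161561' }
    return $null   # operating system not listed in the post
}

function Get-DCNetlogonPatchStatus {
    foreach ($dc in Get-ADDomainController -Filter *) {
        $kb = Get-ExpectedNetlogonKB -OperatingSystem $dc.OperatingSystem
        if (-not $kb) {
            $status = 'NotListed'
        }
        else {
            try {
                # Fetch the full hotfix list so an unreachable DC is not
                # mistaken for a DC that is missing the update.
                $installed = Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop
                if ($installed.HotFixID -contains $kb) { $status = 'Installed' }
                else                                   { $status = 'Missing' }
            }
            catch {
                $status = 'Unreachable'
            }
        }
        [pscustomobject]@{
            DomainController = $dc.HostName
            OperatingSystem  = $dc.OperatingSystem
            ExpectedKB       = $kb
            Status           = $status
        }
    }
}

# List every DC that still needs attention.
Get-DCNetlogonPatchStatus | Where-Object { $_.Status -ne 'Installed' } | Format-Table -AutoSize
```

A `Missing` result on a DC patched with a later update can mean the listed KB was superseded, so confirm against the installed update history before treating it as unpatched.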