ITsVISTA
Information that makes life easier when it comes to installing, managing, and using Windows Vista.

ITsVISTA KB-Link: KB974318

Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution

Description: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. On Windows Server 2008, the Internet Authentication Service is replaced by Network Policy Server (NPS). An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service or Network Policy Server are only affected when using PEAP with MS-CHAP v2 authentication. The security update addresses the vulnerabilities by correcting the way Internet Authentication Service validates authentication requests by PEAP clients.

Update type: Important

Release date: December 8, 2009

Applies to: All versions

Knowledge base: http://support.microsoft.com/kb/974318

Download link: 32-bit | 64-bit

Comments: Here are the specifics on the vulnerabilities covered by this update:

  • Internet Authentication Service Memory Corruption Vulnerability – CVE-2009-2505
  • MS-CHAP Authentication Bypass Vulnerability – CVE-2009-3677
There is a download that resolves this issue.

For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB974318.
