CVE-2016-3226 — Improper Access Control in Microsoft Windows Server 2008

CWE-284 — Improper Access Control5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

13.4%

top 5.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 Microsoft Windows Server 2012 Msrc Windows Server 2008 R2 FOR X64-based Systems Service Pack 1 +2 more

Timeline

PublishedJun 16

Latest updateMay 14

Description

Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶msrcmsrc/windows_server_2008_r2_for_x64-based_systems_service_pack_1

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2012_r2

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-x67x-54j5-hmqx: Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (s↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Active Directory Denial of Service Vulnerability↗2016-06-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - June 2016↗2016-06-14

▶

Talos

Microsoft Patch Tuesday - June 2016↗2016-06-14

▶