New Search

NetLogon Security Feature Bypass Vulnerability - CVE-2019-1424

oval:org.cisecurity:def:6785

A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. To exploit the vulnerability an attacker would require an active man in the middle attack to be in place for the targeted traffic. The update addresses the vulnerability by modifying how Netlogon handles these connections accounting for potential attack through a man in the middle.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008
  • Microsoft Windows 7
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
  • Microsoft Windows Server 2019
Class:
vulnerability
Reference(s):
  • CVE-2019-1424
  • MSRC-CVE-2019-1424
  • KB4525233
  • KB4525239
  • KB4525253
  • KB4525250
  • KB4525232
  • KB4525236
  • KB4525241
  • KB4525237
  • KB4523205
  • KB4524570
Product(s):