Oval Definition:oval:org.mitre.oval:def:28478
Revision Date:2015-02-23Version:45
Title:Network policy server RADIUS implementation denial of service vulnerability - CVE-2015-0015 (MS15-007)
Description:Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2015-0015
Platform(s):Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s):
Definition Synopsis
  • Windows Server 2k3 and vulnerable file version
  • Either OS
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 for Itanium is installed
  • AND Check if the version of Iassam.dll is less than 5.2.3790.5513
  • OR 2k8 + vulnerable file version
  • 2K8
  • Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND gdr/ldr
  • ldr range
  • Check if the version of Iassam.dll is less than 6.0.6002.23557
  • AND Check if the version of Iassam.dll is greater than or equal to 6.0.6002.23000
  • OR Check if the version of Iassam.dll is less than 6.0.6002.19250
  • OR Win 2008 R2 + vulnerable file version
  • Microsoft Windows Server 2008 R2 x64 Edition is installed
  • AND gdr/ldr
  • ldr range
  • Check if the version of Iassam.dll is less than 6.1.7601.22893
  • AND Check if the version of Iassam.dll is greater than or equal to 6.1.7601.22000
  • OR Check if the version of Iassam.dll is less than 6.1.7601.18685
  • OR 2k12 and vulnerable file version
  • Microsoft Windows Server 2012 (64-bit) is installed
  • AND gdr/ldr
  • ldr range
  • Check if the version of Iassam.dll is less than 6.2.9200.21316
  • AND Check if the version of Iassam.dll is greater than or equal to 6.2.9200.21000
  • OR Check if the version of Iassam.dll is less than 6.2.9200.17199
  • OR Win 2K12 R2and vulnerable file version
  • Microsoft Windows Server 2012 R2 is installed
  • AND Check if the version of Iassam.dll is less than 6.3.9600.17549
    • BACK