Home / bulletins MS09-071 - Critical: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) - Version:1.1
Posted on 09 December 2009
CriticalSeverity Rating: Critical - Revision Note: V1.1 (December 9, 2009): Added an entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to explain this revision. This is an informational change only.Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. On Windows Server 2008, the Internet Authentication Service is replaced by Network Policy Server (NPS). An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service or Network Policy Server are only affected when using PEAP with MS-CHAP v2 authentication.
Other versions
- MS09-071 - Version: 1.0
- MS09-071 - Version: 1.1
