Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS15-007: Vulnerability in Network Policy Server RADIUS implementation could cause denial of service: January 13, 2015


View products that this article applies to.

Summary

This security update resolves a privately reported vulnerability in Windows. The vulnerability could allow denial of service on Internet Authentication Service (IAS) or Network Policy Server (NPS) if an attacker sends specially crafted username strings to IAS or NPS. Although the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights, it could prevent Remote Authentication Dial-in User Service (RADIUS) authentication on IAS or NPS.

↑ Back to the top


Introduction

Microsoft has released security bulletin MS15-007. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

↑ Back to the top


More Information

Security update deployment information

Windows Server 2003 (all editions)

Reference table

The following table contains the security update information for this software.
Security update file namesFor all supported 32-bit editions of Windows Server 2003:
WindowsServer2003-KB3014029-x86-ENU.exe
For all supported x64-based editions of Windows Server 2003:
WindowsServer2003-KB3014029-x64-ENU.exe
For all supported Itanium-based editions of Windows Server 2003:
WindowsServer2003-KB3014029-ia64-ENU.exe
Installation switchesSee Microsoft Knowledge Base Article 934307
Update log fileKB3014029.log
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationUse Add or Remove Programs item in Control Panel or the Spuninst.exe utility located in the %Windir%\$NTUninstallKB3014029$\Spuninst folder
File informationSee the file information section.
Registry key verificationHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB3014029\Filelist

Windows Server 2008 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file namesFor all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB3014029-x86.msu
For all supported x64-based editions of Windows Server 2008:
Windows6.0-KB3014029-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationWUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
File informationSee the file information section.
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB3014029-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed updates and select from the list of updates.
File informationSee the file information section.
Registry key verificationNote A registry key does not exist to validate the presence of this update.

Windows Server 2012 and Windows Server 2012 R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Security update file nameFor all supported editions of Windows Server 2012:
Windows8-RT-KB3014029-x64.msu
For all supported editions of Windows Server 2012 R2:
Windows8.1-KB3014029-x64.msu
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
Removal informationTo uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates.
File informationSee the file information section.
Registry key verificationNote A registry key does not exist to validate the presence of this update.

↑ Back to the top


File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.


Windows Server 2003 file information
  • The files that apply to a specific milestone (SPn) and service branch (QFE, GDR) are noted in the "SP requirement" and "Service branch" columns.
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.
  • In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.

For all supported x64-based versions of Windows Server 2003

File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Iassam.dll5.2.3790.5513214,01609-Jan-201518:10x64SP2SP2QFE
Wiassam.dll5.2.3790.5513134,14409-Jan-201518:10x86SP2SP2QFE\WOW

For all supported x86-based versions of Windows Server 2003

File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Iassam.dll5.2.3790.5513134,14409-Jan-201518:02x86SP2SP2QFE

For all supported IA-64-based versions of Windows Server 2003

File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Iassam.dll5.2.3790.5513428,03209-Jan-201518:09IA-64SP2SP2QFE
Wiassam.dll5.2.3790.5513134,14409-Jan-201518:09x86SP2SP2QFE\WOW

Windows Server 2008 file information
  • The files that apply to a specific product, milestone (SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.0.6002.18xxxWindows Vista SP2 and Windows Server 2008 SP2SP2GDR
    6.0.6002.23xxxWindows Vista SP2 and Windows Server 2008 SP2SP2LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Iassam.dll6.0.6002.19250182,78406-Dec-201403:14x86
Iassam.dll6.0.6002.23557182,78406-Dec-201402:50x86

For all supported x64-based versions of Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Iassam.dll6.0.6002.19250242,68806-Dec-201402:53x64
Iassam.dll6.0.6002.23557242,68806-Dec-201402:35x64
Iassam.dll6.0.6002.19250182,78406-Dec-201403:14x86
Iassam.dll6.0.6002.23557182,78406-Dec-201402:50x86

Windows Server 2008 R2 file information
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.1.7601.18xxxWindows Server 2008 R2SP1GDR
    6.1.7601.22xxxWindows Server 2008 R2SP1LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x64-based versions of Windows Server 2008 R2

File nameFile versionFile sizeDateTimePlatform
Iassam.dll6.1.7601.18685254,97606-Dec-201404:17x64
Iassam.dll6.1.7601.22893254,97606-Dec-201404:31x64
Iassam.dll6.1.7601.18685193,02406-Dec-201403:50x86
Iassam.dll6.1.7601.22893193,02406-Dec-201404:18x86

Windows Server 2012 file information
  • The files that apply to a specific product, milestone (RTM,SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.2.920 0.16 xxxWindows Server 2012RTMGDR
    6.2.920 0.20 xxxWindows Server 2012RTMLDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x64-based versions of Windows Server 2012

File nameFile versionFile sizeDateTimePlatform
Iassam.dll6.2.9200.17199276,48006-Dec-201407:51x64
Iassam.dll6.2.9200.21316276,48006-Dec-201406:40x64
Iassam.dll6.2.9200.17199219,13606-Dec-201406:09x86
Iassam.dll6.2.9200.21316219,13606-Dec-201405:40x86

Windows Server 2012 R2 file information

For all supported x64-based versions of Windows Server 2012 R2

File nameFile versionFile sizeDateTimePlatform
Iassam.dll6.3.9600.17549276,48005-Dec-201402:56x64
Iassam.dll6.3.9600.17549223,23205-Dec-201402:18x86

File hash information
File nameSHA1 hashSHA256 hash
Windows6.0-KB3014029-x64.msu8367186BF158C74AE5F176B2136ED6213E949B28190E739BC249F486AA44E75293C963D87C40B000766C15859908AE21AD90BA63
Windows6.0-KB3014029-x86.msuAC897528668CC9DF75CC2598F5D8312675B2DF7E691EE1C8E6A383EDCF31B55575DC72229559CF7ED1C41CB824346214BB2DC1E0
Windows6.1-KB3014029-x64.msu29C3C54F6D9AA4E7A0E9D1B6521ABA14A628EDE8E6F354DD2C5822DFFAD40F2F253371EF5D26D19E30992045A7DED78438AD0D1D
Windows8.1-KB3014029-x64.msuC1F9AE30F63328DC8974C1D69C58EBE4E1BB7F18818DEE842804E4656EC935046FE7A020E9FA9958591F7BC9E8DF3C1E27D32FE4
Windows8-RT-KB3014029-x64.msu9FC74C8A48202C3C1E2EE2131E0C0D78EE0B29501CB7500CEEA3DE1B128FBA59947CB8F41A3899FFCC0A495D1EF9066397E8D73C
WindowsServer2003-KB3014029-ia64-DEU.exeFFFB881F5C2A63175C42A5FA895EAFFB4AF05E68118A74EE2B298735FE90C629959E1F3410A6F61B62F64B9D463E51A975DF2AA3
WindowsServer2003-KB3014029-ia64-ENU.exeA574C9731160CEEA0721A322ED01DA682AF5CB43366BB2B8A9C93D5E19DBF4C10CC6B5D47FC600801A0A11152F0E3B575C9B4B99
WindowsServer2003-KB3014029-ia64-ENU.exeF01E900E783C2427470171E1A7D666F21A986D1B7F534C06A554E8DB0EC13A6EC362A7F7DF35C7435195B6BFB8A8EE9B14B1BF33
WindowsServer2003-KB3014029-ia64-FRA.exeD4FBFE7FCA1BB3E66606DED2E08ACD091690434636714B211E3817F3882AA7AB625AB483AAA8D290180F1EA3DC4AEFE9F7DBCBCF
WindowsServer2003-KB3014029-ia64-JPN.exeC9E9AA86C9139CD70335A667D89FF14DA2B2FF4DB08410886A5B14AF4A47FF12CD5AE62FCA9A8F458734D48353E7FF0387D6AE41
WindowsServer2003-KB3014029-x64-CHS.exe50261C7B60CD26ED9569FA1D178655B8CD4F1C14C06F02242D5904781C2F7262394F8E3B4F9F130CFEB41794554B8D8BB054B8B1
WindowsServer2003-KB3014029-x64-CHT.exeF87A1CA1C9E5584A450FBD3DF0C8C8DD7EF7A4DBE0E48AE3BAB89ED37248A9BD1847A9BFBF1A8339BB5ADF31CBCF7C60C6C93DCD
WindowsServer2003-KB3014029-x64-DEU.exe8A7CB9172121035EFD3486AA5DD92577CB9FFFC0A63A92DAF90A2CD41F497D2E438CF32313D1867881F1FA316264A089798A5351
WindowsServer2003-KB3014029-x64-ENU.exeEF0E811FDA83C45CA55D9ED29AE38A768D44CE9C2251364E7BFA76179ABEE6A293D2D62B4F49767371EE6CCA150E5EE777E46B2E
WindowsServer2003-KB3014029-x64-ESN.exe5E5F67FAB1BBB07DF22DEA49B7BEBBEF4C4AF397B9224FCA92C3AB274E146789FD171BF0E4C04DDFB663457A2B52668B6598591B
WindowsServer2003-KB3014029-x64-FRA.exe4978A16B5CFE0CA742925CD0721ABA069F97A9D485B48F4EE9990DC384E742D9FBD459102EFDECC4457B21797726248F8E2BEC23
WindowsServer2003-KB3014029-x64-ITA.exeDB3A949D51ADD5F7E98603928A4142B406FF4F8A0CD06CEA3BD829380B40969BFA5986BDE26D0ACF6D36699F37C0581DA7F42F64
WindowsServer2003-KB3014029-x64-JPN.exeE0A9AB9E5BC6FC5A026ECEE1F2AC88B30CA06A5FAB17ADC748CDEDE73ACB92360D344F5840832F055AFF8DE73B6FD5AD69C6ACCA
WindowsServer2003-KB3014029-x64-KOR.exeB53EFA843692C11B7C7E4A39FD8A9727E602EC77B19C3073A15027DB68D8606A83C5AF49D985B22F862CC781FF9D11BFD1136F72
WindowsServer2003-KB3014029-x64-PTB.exe9594C594EB64BF76601EBE0DD513EF31F32E915AC2843E728F37ADECF1BB118A7C6294F84B8B2ECC6EE09F7C46731A0246F882B3
WindowsServer2003-KB3014029-x64-RUS.exe9C22CC6B6649110EA44235304303359B9BCBDD2A0C070CC5A9DCC5470F7E9F62706C888BC640F53BE4F0704114CD2222AF5E9249
WindowsServer2003-KB3014029-x86-CHS.exeD7CF01235383F081185AF2D26B26C23A7929893F7C9F221761AF2764841D576B648D33F2C38047D7038D22BE07EFC4FE216C4166
WindowsServer2003-KB3014029-x86-CHT.exeD666BB9BEEF4092037A7E8E1B126AE7A7C45988E23D99DBA3281010BAC5B472E5545F454CE498789DA8009F425DEEFD8DFA493A0
WindowsServer2003-KB3014029-x86-CSY.exe992D61458F24196E1A4EE9012B473DF6E79A384F04B7F866A5C2A88C236D70E26021FF9D9C9B512D7A14269D7898DD1247BCD494
WindowsServer2003-KB3014029-x86-DEU.exe9BC0DF6BED3AEF7246E359B0F9EE6116698CED6D0234C6C54D29A870727905101657462D85E6FE35D7ED31A906C41E35382077D4
WindowsServer2003-KB3014029-x86-ENU.exe0C811F7E5FF15C7DA4A06C9F14F3F32040967D69235070C4C73DDAA338CC189A402BC151CA552AF0F5663C4674367C74884CA9C9
WindowsServer2003-KB3014029-x86-ENU.exe87A14DFC403B4E01532CEB640B3EB975BE2F15F9E359C4BE229F90D491CE7326CDED06F8B02A3A64D792452E74E507B57B7E9F60
WindowsServer2003-KB3014029-x86-ESN.exe230CA30B098570F8EE432D794DCB6445A8D7936B4341B9DA9DE0FFED30EDA67BA3429FF9A8881430AD95CD3D2552C970923D773C
WindowsServer2003-KB3014029-x86-FRA.exe639BA56E558A2A06BB5F87FFAAA3CFA50BD24CE26A24872425A1EF2771F3E42F8E297F8867955331C5BB283399949C7C90003632
WindowsServer2003-KB3014029-x86-HUN.exe2381324BC47EF194D9E358C187DEA1A7B058E2936E9D264A207CA8F800D912CA24750E2006541E42143BAAB9FA6352E5B45B84E9
WindowsServer2003-KB3014029-x86-ITA.exe7ABF9EE4DDE9A16851EEB8D6FD8806D2F4EB8B9110A28CEEF485F91EDDC967A50DC0EDA2DD3A3E53CD8235B67EA693B139772906
WindowsServer2003-KB3014029-x86-JPN.exe85CF08B54E607BCE41520F3A6ED05546DF813731CE2FB4A945A4ECC3DC030436DBC28526B7CC2A7471B93B916AC6E896FDA3F811
WindowsServer2003-KB3014029-x86-KOR.exe36E839ABE983B8B0CA9701CC33BEDE0B3714F04AF160179689468BC32E257DFC91A3E18DDA7844CFA38DAFD7C227AB031161F02F
WindowsServer2003-KB3014029-x86-NLD.exeD0E42BAC7C2C3D0E97A459C9E8DE4E620DAE70EB70BDE9331EB60EEE3683EFEF965F8F3CBC2240EACBEEB99728D375D62A58810F
WindowsServer2003-KB3014029-x86-PLK.exe9DC12643972115E55D29404104455B04394DFC29E39452D299082E59404F894E7EBFA0D0369931E521908043F83217E6F3EFAAD6
WindowsServer2003-KB3014029-x86-PTB.exe2644A7C34CDC793A6CBC2FF0C79E57C1BEE80F0987FA2B6717B580E4C469E801A3D973D715D3660EA70E8318122E59D0AF9AD698
WindowsServer2003-KB3014029-x86-PTG.exeBA3660747DDC37EFB122499D39A0311F990C89960B7A52107AA11C9F0530E58F8A1CB1FA6CD1BBAAE9163E40F05DAB35470A453A
WindowsServer2003-KB3014029-x86-RUS.exe4E14F2B735E1352F8B1CB9AA4D11473C82EF2C49012308121F6FAD54B3BA1E7940E2DBDAD9AE05F46E778493F92DE9B89974A64D
WindowsServer2003-KB3014029-x86-SVE.exeA155C8D824C14334EB87AF8F1A86D5ED1429D049A68D6C88B40ABD3B1E5A56B1B3A5E3E9E698DD4337611E457C78C3063722C4F7
WindowsServer2003-KB3014029-x86-TRK.exeCBD2937E995773F20297F213D16927BFF9D9A755AFBA13F90DBA2376AE3584D4475856CF95176299D16C4BC63BA2C27F115A151D

↑ Back to the top


Keywords: kb, atdownload, kbbug, kbexpertiseinter, kbfix, kblangall, kbmustloc, kbsecbulletin, kbsecreview, kbsecurity, kbsecvulnerability, kbsurveynew

↑ Back to the top

Article Info
Article ID : 3014029
Revision : 1
Created on : 1/7/2017
Published on : 1/13/2015
Exists online : False
Views : 310