Microsoft Patches Three Flaws
Posted by: Timothy Weaver on 02/16/2016 11:02 AM
[
Comments
]
Microsoft has released patches for three flaws, two of which could disable two-factor authentication protocol from any Windows product.
The vulnerabilities were found in Microsoft ASP.NET and Microsoft Visual Studio.
The flaw allows a hacker to upload malware which removes the phone number associated with the 2FA making it inoperative.
The third flaw impacts Windows 2008 R2 and 2012 R2. That flaw was found in Windows Network Policy Server. In this case, the hacker merely has to flood the server with specially crafted username strings to the target network policy server to prevent Remote Authentication Dial-In User Service.
Source: SCMagazine
The vulnerabilities were found in Microsoft ASP.NET and Microsoft Visual Studio.The flaw allows a hacker to upload malware which removes the phone number associated with the 2FA making it inoperative.
The third flaw impacts Windows 2008 R2 and 2012 R2. That flaw was found in Windows Network Policy Server. In this case, the hacker merely has to flood the server with specially crafted username strings to the target network policy server to prevent Remote Authentication Dial-In User Service.
Source: SCMagazine
Comments
