Vulnerability in DirectAccess Could Allow Security Feature Bypass

With the November 2013 security bulletin release, Microsoft advises that DirectAccess includes a vulnerability that could allow security feature bypass. The update affects all supported versions of Microsoft Windows and addresses an issue with how connections between DirectAccess servers and DirectAccess clients are authenticated. An attacker could leverage the vulnerability to pose as a man-in-the-middle and intercept the communication between them. For more details, please review Microsoft Security Advisory 2862152.


4 Comments

Hi Richard,
I’m confused about this update. We are using the DirectAccess scenario in our network.
I understood I have to apply the security update on the DA client (IPSec initiator) but I am not entirely clear about the registry editing and how to do it. My questions are:

What certificate type is that KB article referring to? We have a computer certificate which has an EKU configured for client and server authentication, issued by our internal enterprise root CA, and an IP-HTTPS certificate for external publishing which has an EKU configured for server authentication.

So, if I’m not wrong, I have to add the registry value on the UAG server side only?
I see two types of configuration for certificate authentication for DirectAccess: certificate authentication by using AuthIP and certificate authentication by using IKEv1. What type of authentication does the DirectAccess client do by default in the basic scenario?

In the registry edit, what IPv4/IPv6 address or DNS name should be added as the DATA value of the new registry key?

Sorry for the multiple questions. I have read the KB article over and over but it is still not clear. Your explanation would be very helpful to me.

Thanks :)

