CVE-2015-2374
Microsoft Windows Server Credential Exposure via Netlogon PDC-BDC Spoofing
Title source: llmDescription
The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communication, which allows remote attackers to discover credentials by leveraging certain PDC access and spoofing the BDC role in a PDC communication channel, aka "Elevation of Privilege Vulnerability in Netlogon."
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75633
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032900
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-071
Scores
EPSS
0.0511
EPSS Percentile
91.3%
Details
CWE
CWE-200
Status
published
Products (6)
microsoft/windows_2003_server
microsoft/windows_2003_server
r2 sp2
microsoft/windows_server_2008
microsoft/windows_server_2008
r2 sp1
microsoft/windows_server_2012
microsoft/windows_server_2012
r2 (3 CPE variants)
Published
Jul 14, 2015
Tracked Since
Feb 18, 2026