The two vulnerabilities located in Microsoft Windows are:
- A Memory leak error which exists in the Active Directory LDAP service. It could be exploited in order to hang an affected system. This may occur via specially tampered with LDAP or LDAPS requests, which need to consist of exact OID filters.
- An error that exists within the Active Directory LDAP service. If this is exploited, the chances are that it may trigger the invalid memory and attackers could then execute arbitrary code. This execution of arbitrary code takes place via specially tampered with LDAP or LDAPS requests.
A malicious character with the correct computer skills will be able to take complete and utter control of an infiltrated system. He will also be able to view, change, modify, create or delete whatever he wishes.
These vulnerabilities were reported in implementations of Active Directory on the Microsoft Windows 2000 Server, Windows Server 2003 as well as the Active Directory Application Mode (ADAM), when it is installed on Windows XP Professional as well as Windows Server 2003.
The affected operating systems |
Microsoft Windows XP Professional |
Microsoft Windows Storage Server 2003 |
Microsoft Windows Server 2003 Web Edition |
Microsoft Windows Server 2003 Standard Edition |
Microsoft Windows Server 2003 Enterprise Edition |
Microsoft Windows Server 2003 Datacenter Edition |
Microsoft Windows 2000 Server |
Microsoft Windows 2000 Datacenter Server |
Microsoft Windows 2000 Advanced Server |
The impact of these vulnerabilities may include unauthorized system access as well as DoS attacks. All Windows users will be pleased to know that these vulnerabilities only affect Microsoft Windows 2000 Server systems. This vulnerability has been rated as moderately critical. The solution to this problem is for all users to apply the relevant updates immediately with the use of update management software or the Microsoft Update service.
Source: http://www.pc1news.com/news/0717/active-directory-vulnerabilities-in-microsoft-windows.html#msg
No comments:
Post a Comment