Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-066.
Impact
Successful exploitation lets an attacker crash the server, which may result in a denial of service.
Impact Level: System/Application.
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes named in the advisory at http://www.microsoft.com/technet/security/bulletin/ms09-066.mspx
Insight
This issue is caused by an error in implementations of Active Directory Application Mode (ADAM) and Active Directory Lightweight Directory Service (AD LDS) when processing malformed LDAP or LDAPS requests.
Affected
Microsoft Windows 2K Service Pack 4 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows 2008 server Service Pack 2 and prior
References
Severity
Classification
- CVE: CVE-2009-1928
- CVSS Base Score: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (931768)
- Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
- Cumulative Security Update for Internet Explorer (933566)
- Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)
- Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)