Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-066.
Impact
Successful exploitation lets an attacker crash the server, which may result in a denial of service.
Impact Level: System/Application.
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes named in the advisory at http://www.microsoft.com/technet/security/bulletin/ms09-066.mspx
Insight
This issue is caused by an error in implementations of Active Directory Application Mode (ADAM) and Active Directory Lightweight Directory Service (AD LDS) when processing malformed LDAP or LDAPS requests.
Affected
Microsoft Windows 2K Service Pack 4 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows 2008 server Service Pack 2 and prior
References
Severity
Classification
CVE: CVE-2009-1928
CVSS Base Score: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
- Microsoft Groove Remote Code Execution Vulnerability (2494047)
- Microsoft Comctl32 Integer Overflow Vulnerability (2864058)
- Microsoft DirectShow Remote Code Execution Vulnerability (2845187)
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)