Summary
This host is missing a critical security update according to Microsoft Bulletin MS11-086.
Impact
Successful exploitation will allow remote attackers to use a revoked certificate to authenticate to the Active Directory domain and gain access to network resources or run code under the privileges of the specific authorized user with which the certificate is associated.
Impact Level: System/Application.
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the link below: http://www.microsoft.com/technet/security/bulletin/ms1-086.mspx
Insight
The flaw is due to an error in Active Directory when configured to use LDAP over SSL. It fails to validate the revocation status of an SSL certificate against the CRL (Certificate Revocation List) associated with the domain account. This can be exploited to authenticate to the Active Directory domain using a revoked certificate.
Affected
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2003 Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
References
Severity
Classification
CVE: CVE-2011-2014
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
- Microsoft Antimalware Client Privilege Elevation Vulnerability (2823482)
- Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
- Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)
- Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)