Microsoft Windows LSASS Heap Overflow Vulnerability ( 15 September 2010 )
RISK: Medium Risk
An authenticated elevation of privilege vulnerability exists in Microsoft Windows due to the way that the Local Security Authority Subsystem Service (LSASS) improperly handles certain Lightweight Directory Access Protocol (LDAP) messages. The vulnerability exists in implementations of Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). An attacker must have previously authenticated with the LSASS server prior to exploiting this issue. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact
- Elevation of Privilege
System / Technologies affected
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Active Directory
- Active Directory Application Mode (ADAM)
- Active Directory Lightweight Directory Service (AD LDS)
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Windows XP Service Pack 3
- Active Directory Application Mode (ADAM) - Windows XP Professional x64 Edition Service Pack 2
- Active Directory Application Mode (ADAM) - Windows Server 2003 Service Pack 2
- Active Directory
- Active Directory Application Mode (ADAM) - Windows Server 2003 x64 Edition Service Pack 2
- Active Directory
- Active Directory Application Mode (ADAM) - Windows Server 2003 with SP2 for Itanium-based Systems
- Active Directory - Windows Vista Service Pack 2
- Active Directory Lightweight Directory Service (AD LDS) - Windows Vista x64 Edition Service Pack 2
- Active Directory Lightweight Directory Service (AD LDS) - Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Active Directory and Active Directory Lightweight Directory Service (AD LDS) - Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Active Directory and Active Directory Lightweight Directory Service (AD LDS) - Windows 7 for 32-bit Systems
- Active Directory Lightweight Directory Service (AD LDS) - Windows 7 for x64-based Systems
- Active Directory Lightweight Directory Service (AD LDS) - Windows Server 2008 R2 for x64-based Systems
- Active Directory and Active Directory Lightweight Directory Service (AD LDS)
Vulnerability Identifier
Source
Related Link
Share with