Microsoft Windows LSASS Heap Overflow Vulnerability ( 15 September 2010 )

Last Update Date: 28 Jan 2011 Release Date: 15 Sep 2010 4248 Views

RISK: Medium Risk

Medium Risk

An authenticated elevation of privilege vulnerability exists in Microsoft Windows due to the way that the Local Security Authority Subsystem Service (LSASS) improperly handles certain Lightweight Directory Access Protocol (LDAP) messages. The vulnerability exists in implementations of Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). An attacker must have previously authenticated with the LSASS server prior to exploiting this issue. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact

  • Elevation of Privilege

System / Technologies affected

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Active Directory
  • Active Directory Application Mode (ADAM)
  • Active Directory Lightweight Directory Service (AD LDS)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Office Heap Based Buffer Overflow in Outlook Vulnerability ( 15 September 2010 )

15 Sep 2010 4222 Views

Next

Microsoft Windows IIS Multiple Vulnerabilities ( 15 September 2010 )

15 Sep 2010 4344 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY