On Tuesday November 13, 2011 Microsoft, in its monthly Patch Tuesday, released a Security Bulleting addressing an issue with Active Directory.

To exploit this vulnerability, an attacker would first need to acquire credentials to log on to an Active Directory domain. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system. The vulnerability is caused when Active Directory processes a specially crafted query and tries to access the contents of a memory buffer that has not been properly initialized.

The vulnerability exists in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS).

Guidance

This update is currently applicable to Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.

You are urged to test and implement the update corresponding to the Security Bulletin.

More information

Microsoft Security Bulletin MS11-095 – Important – Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
MS11-095: Vulnerability in Active Directory could allow remote code execution: December 13, 2011