Active Directory vulnerability could allow remote code execution
Report ID: MS201112009
Date Published: 14 December 2011
Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Summary
A vulnerability in Active Directory in Windows could lead to arbitrary code execution, provided that the attacker manages to acquire log-on credentials for the Active Directory domain.
Detailed Description
Microsoft has released a security update for Windows to address a vulnerability in Active Directory. The vulnerability is caused by Active Directory trying to access improperly initialized memory while processing a malicious query. To exploit this vulnerability, the attacker must first obtain log-on credentials for the Active Directory domain. Upon successful exploitation, the attacker could execute code and take control of the affected system.
The update resolves this vulnerability by changing the way that objects in memory are handled. Users are advised to install this latest update as protection against potential exploits.
CVE Reference
CVE-2011-3406
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms11-095




