Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Active Directory vulnerability could allow denial of service


Report ID: MS201304005
Date Published: 10 April 2013

Criticality: Important
Compromise Type: denial-of-service
Compromise From: remote


Affected Product/Component:

Active Directory
Active Directory Application Mode (ADAM)
Active Directory Services
Active Directory Lightweight Directory Service (AD LDS)




Summary

A vulnerability in the Active Directory could be exploited into causing the service to become non-responsive.



Detailed Description

Microsoft has released a security update to address a denial of service vulnerability in the Active Directory. The vulnerability was caused by a failure to handle a specially crafted Lightweight Directory Access Protocol (LDAP) query, and it can be exploited into causing the service to stop responding.

This issue has been resolved through the latest update which introduces a correction in the way that LDAP queries are handled. Users are recommended to install the update as a protection measure against possible exploit attempts.



CVE Reference

CVE-2013-1282



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-032)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.