MS10-068 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Elevat

Discussion in 'Security Alerts' started by News, Sep 14, 2010.

  1. News

    News Extraordinary Robot
    News Feed

    Joined:
    Jun 27, 2006
    Messages:
    26,203
    Likes Received:
    20
    Severity Rating: Important - Revision Note: V1.0 (September 14, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if an authenticated attacker sent specially crafted Lightweight Directory Access Protocol (LDAP) messages to a listening LSASS server. In order to successfully exploit this vulnerability, an attacker must have a member account within the target Windows domain. However, the attacker does not need to have a workstation joined to the Windows domain.

    More...
     

Share This Page

Loading...