Home / bulletins

MS10-068 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539) - Version:1.0

Posted on 14 September 2010

Important

Severity Rating: Important - Revision Note: V1.0 (September 14, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if an authenticated attacker sent specially crafted Lightweight Directory Access Protocol (LDAP) messages to a listening LSASS server. In order to successfully exploit this vulnerability, an attacker must have a member account within the target Windows domain. However, the attacker does not need to have a workstation joined to the Windows domain.

Link

 

TOP