TITLE:
Microsoft Windows Active Directory Two Vulnerabilities

SECUNIA ADVISORY ID:
SA35355

VERIFY ADVISORY:
http://secunia.com/advisories/35355/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

1) An error in the Active Directory LDAP service can be exploited to
trigger the free of invalid memory and potentially execute arbitrary
code via specially crafted LDAP or LDAPS requests.

NOTE: The vulnerability affects Microsoft Windows 2000 Server systems
only.

2) A memory leak error in the Active Directory LDAP service can be
exploited to potentially hang an affected system via specially crafted
LDAP or LDAPS requests containing specific OID filters.

SOLUTION:
Apply patches.

-- Active Directory --

Windows 2000 Server SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=bba6e20a-0345-46ae-a6f1-fd27fdee7c21

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=d814ce65-a193-4027-a6cd-106d388830a6

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=0d1f23c8-06eb-4996-92eb-0eb635fd6a42

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=92e7808b-92ff-449d-bb73-ee8638e9ccd1

-- Active Directory Application Mode (ADAM) --

Windows XP Professional SP2 and SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=cb2c9b76-0c65-4754-9941-d45a7c74a29a

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=2ef3aaf0-a2a9-4c17-99ab-a0dc3d3f7e86

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=f6f99957-f74f-4446-8734-a468283eebae

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=1a2badc7-c0a5-4032-a009-73ebe9d76313

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Joshua J. Drake of VeriSign iDefense Labs
2) Justin Wyatt from the Beaverton School District

ORIGINAL ADVISORY:
Microsoft (KB971055, KB969805, KB970437):
http://www.microsoft.com/technet/security/Bulletin/MS09-018.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------