A New Vulnerability in Active Directory (MS09-018)

Exploitable On Patch Tuesday for June 2009 (yesterday, June 9, 2009) Microsoft released security bulletin MS09-18 yesterday to address a vulnerability in Active Directory and Active Directory Application Mode (ADAM) that could allow remote code execution.

It’s should not come as a shock Microsofts Active Directory and Active Directory Application Mode (ADAM) contain insecure code, allowing for much mayhem in enterprise environments. Since MS07-039, MS08-003, MS08-35 and MS08-60 you should have experience with patching these particular Server Roles.

What I did find shocking was the way Microsoft talks about Active Directory Application Mode (ADAM), which is the old name for what most of us now call Active Directory Lightweight Directory Services (ADLDS), but when I examined the Security Bulletin I found out just why:

This vulnerability does not affect Windows Server 2008.

Again, Windows Server 2008 (and Windows Vista) are on the list with unaffected versions of Windows. Up to today only MS08-60 applies to Windows Server 2008. Recollecting: This was a moderate (not a critical) vulnerability that allows denial of service (not remote code execution).

To me, this shows the exceptional feat the Microsoft teams have accomplished in Windows Server 2008. It strengths me in my belief: Windows Server 2008 is the most secure Windows Server platform to date.

For all you Windows 2000 Server and Windows Server 2003 admins out there:

Happy patching!
(especially you, Windows 2000 Server aficionados!)


Further reading

971055 MS09-018: Vulnerabilities in Active Directory could allow remote code execution
969805 MS09-018: Description of the security update for Active Directory: June 2009
970437 MS09-018: Description of the security update for Active Directory Application Mode (ADAM): June 2009
(MS09-018) Microsoft Windows Active Directory Memory Leak Vulnerability (971055)

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.