MS13-032 Vulnerability in Active Directory Could Allow Remote Code Execution (Important)

Reading Time: 3 minutes

It’s not often, that Active Directory Domain Controllers get security updates. The Active Directory Domain Services Server Role is one of the most robustly written code, as I pointed out in an earlier blogpost on Statistics on Active Directory-related Security Bulletins. Since 2001, Microsoft has issued 18 Security Bulletins with patches to address issues in Active Directory Directory Services, Active Directory Lightweight Directory Services and ADAM.

Yesterday, during the April 2013 Patch Tuesday, Microsoft has released a new Active Directory-related security bulletin: MS13-032.

This security update resolves a privately reported vulnerability in Active Directory. The vulnerability could allow denial of service if an attacker sends a specially crafted query to the Lightweight Directory Access Protocol (LDAP) service, that leads to excessive memory consumption and could cause the LDAP service to become non-responsive. This issue was privately reported to Microsoft and documented as CVE-2013-1282

This Security update is not classified as Critical, since an attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited remotely by anonymous users. However, the affected component is available remotely to users who have standard user accounts. In certain configurations, anonymous users could authenticate as the Guest account.

 

Affected Operating Systems

This security update is rated Important for Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services on the following, currently supported, Windows Server Operating Systems:

  • Active Directory on Windows Server 2003 SP2 x86
  • Active Directory on Windows Server 2003 SP2 x64
  • Active Directory Application Mode (ADAM) on Windows Server 2003 SP2 x86
  • Active Directory Application Mode (ADAM) on Windows Server 2003 SP2 x64
  • Active Directory Services on Windows Server 2008 SP2 x86
  • Active Directory Services on Windows Server 2008 SP2 x64
  • Active Directory Application Mode (ADAM) on Windows Server 2008 SP2 x86
  • Active Directory Application Mode (ADAM) on Windows Server 2008 SP2 x64
  • Active Directory Services on Windows Server 2008 R2
  • Active Directory Application Mode (ADAM) on Windows Server 2008 R2
  • Active Directory Services on Windows Server 2008 R2 SP1
  • Active Directory Application Mode (ADAM) on Windows Server 2008 R2 SP1
  • Active Directory Services on Windows Server 2012

This security update is rated Low for Active Directory Application Mode (ADAM) and Active Directory Lightweight Directory Services (AD LDS) on the following, currently supported, Windows client Operating Systems:

    • Active Directory Application Mode (ADAM) on Windows XP SP3
    • Active Directory Application Mode (ADAM) on Windows XP Professional x64 SP2
    • Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2 x86
    • Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2 x64
    • Active Directory Lightweight Directory Service (AD LDS) on Windows 7 x86
    • Active Directory Lightweight Directory Service (AD LDS) on Windows 7 x64
    • Active Directory Lightweight Directory Service (AD LDS) on Windows 7 SP1 x86
    • Active Directory Lightweight Directory Service (AD LDS) on Windows 7 SP1 x64
    • Active Directory Lightweight Directory Service (AD LDS) on Windows 8 x86
    • Active Directory Lightweight Directory Service (AD LDS) on Windows 8 x64

The security update addresses the vulnerability by correcting how the LDAP service handles specially crafted LDAP queries.

On all affected Operating Systems, except for Windows 8 and Windows Server 2012, this security update replaces Security update MS11-095.

 

Guidance

You are urged to test and implement the update corresponding to the Security Bulletin on the affected Operating Systems running the aforementioned Active Directory services.

Related Posts

MS08-003 Security Update for Active Directory
A New Vulnerability in Active Directory (MS09-018)
MS11-095 Vulnerability in Active Directory could allow Remote Code Execution (Important)
Statistics on Active Directory-related Security Bulletins

Further reading

Microsoft Security Bulletin MS13-032 – Important
MS13-032: Vulnerability in Active Directory could lead to denial of service: April 9, 2013
Microsoft Windows Active Directory CVE-2013-1282 Denial of Service Vulnerability
Vulnerability Summary for CVE-2013-1282

Posted on April 10, 2013 by Sander Berkouwer in Active Directory, Enterprise Security, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Security Updates

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.