Update Protection against Microsoft Windows LSASS Malformed LDAP Messages Heap Overflow Vulnerability (MS10-068)
| Check Point Reference: | CPAI-2010-230 |
| Date Published: | |
| Severity: | |
| Source: | Microsoft Security Bulletin MS10-068 |
| Industry Reference(s): | CVE-2010-0820 |
| Protection Provided by: | Security Gateway |
Who is Vulnerable?

Active Directory:
Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP2 (Itanium)
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems SP2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems SP2

Active Directory Application Mode (ADAM):
Windows XP SP3
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2

Active Directory Lightweight Directory Service (AD LDS):
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems SP2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems SP2
Windows Server 2008 R2 for x64-based Systems

Vulnerability Description
An authenticated elevation of privilege vulnerability has been discovered in implementations of Active Directory on Microsoft Windows. Active Directory provides central authentication and authorization services for Windows-based systems. Active Directory Application Mode (ADAM) is a Lightweight Directory Access Protocol (LDAP) directory service that runs as a user service. A remote attacker can exploit the vulnerability to cause a denial of service condition on the target system.

Update/Patch Available
Apply patches: Microsoft Security Bulletin MS10-068

Vulnerability Details
The vulnerability is due to the way that the Local Security Authority Subsystem Service (LSASS) improperly handles certain LDAP messages. A remote attacker may trigger this vulnerability by sending specially crafted LDAP messages to a listening LSASS server. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code and take complete control of an affected system.

Protection Overview
This protection will detect and block malformed LDAP packets. IPS-1 has been preemptive against this vulnerability since 2008.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.