Printed 2017/08/17 01:38PM

Sometimes I don't understand Microsoft's vulnerability classifications


Here's a great example:


  MS13-079 - Vulnerability in Active Directory Could Allow Denial of Service (2853587)


Basically, this patches a vulnerability where an attacker can send a specially crafted LDAP query to an Active Directory domain controller and cause the LDAP service to fail. Here's the attack scenario I see:


  1. Start or gain control on a domain connected system.
  2. Query DNS for list of DCs.
  3. Send crafted LDAP query to all DCs, thereby dropping LDAP service on all DCs.


Since communicating with Active Directory requires LDAP and you can effectively DoS the AD infrastructure, this isn't a small issue. I'm assuming it's not rated critical because:



However, I would still think this should have been rated critical given the impact if exploited.

Copyright © 2002-2017 Redgate. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.