MS09-018 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in the Windows Active Directory on Windows 2003/XP/2000 computers, which allows hackers to gain remote control of the affected computer with the same privileges as the logged on user and to launch denial of service attacks. The main purpose of Active Directory is to provide central authentication and authorization services for Windows-based computers. If exploited successfully, it allows hackers to gain remote control of the affected computer with the same privileges as the logged on user, and it could also cause the system to stop accepting requests. MS09-018 is usually exploited by creating a special LDAP or LDAPS packet and sending it to the Active Directory or ADAM server. For Windows 2000 any attacking user could exploit this vulnerability; for Windows 2003/XP the attacker must be authenticated. If you have a Windows 2003/XP/2000 computer with Active Directory installed, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch. Bear in mind that this bulletin replaces previous ones called MS08-060 (only for Windows 2000) and MS08-035. |