You're in: Panda Security > Home Users > security-info > about-malware > encyclopedia > overview
Active Scan. Scan your PC free
Panda Security Product Line 2012

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

MS09-018

 
Threat LevelLow threatDamageHighDistributionNot widespread

Effects 

MS09-018 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in the Windows Active Directory on Windows 2003/XP/2000 computers, which allows hackers to gain remote control of the affected computer with the same privileges as the logged on user and to launch denial of service attacks.

The main purpose of Active Directory is to provide central authentication and authorization services for Windows-based computers.

There is a vulnerability in the LDAP (Lightweight Directory Access Protocol) service, which is a protocol used to access data in the Active Directory.

The addressed vulnerabilities are:

  • Active Directory Invalid Free vulnerability: a remote code vulnerability which occurs because the LDAP service incorrectly frees memory upon handling specially crafted LDAP or LDAPS requests.

    If exploited successfully, it allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. If this user had administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.
  • Active Directory Memory Leak vulnerability: a denial of service vulnerability which occurs because the LDAP service improperly manages memory while executing LDAP or LDAPS requests that contain specific OID filters. An OID or Object Identifier is used to name an LDAP object.

    If exploited successfully, it could cause the system to stop accepting requests.

 

MS09-018 is usually exploited by creating a special LDAP or LDAPS packet and sending it to the Active Directory or ADAM server. For Windows 2000 any attacking user could exploit this vulnerability; for Windows 2003/XP the attacker must be authenticated.

 

If you have a Windows 2003/XP/2000 computer with Active Directory installed, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.

Bear in mind that this bulletin replaces previous ones called MS08-060 (only for Windows 2000) and MS08-035.