Effects
MS09-066 is not categorized as virus, worm, Trojan or backdoor. It is an important vulnerability in the Windows Active Directory on Windows 2008/2003/XP/2000 computers, which allows hackers to launch denial of service attacks.
The main purpose of Active Directory is to provide central authentication and authorization services for Windows-based computers.
The vulnerable components are:
- Active Directory on Windows 2003/2000.
- Active Directory Application Mode (ADAM) on Windows 2003/XP.
- Active Directory and Active Directory Lightweight Directory Service (AD LDS) on Windows 2008.
However, there is a vulnerability in the LDAP (Lightweight Directory Access Protocol) service, which is a protocol used to access data in the Active Directory. It occurs because the LDAP service does not properly process specific LDAP or LDAPS (LDAP over SSL) requests.
If exploited successfully, it could cause the system to stop responding and require a start.
MS09-066 is usually exploited by creating a special LDAP or LDAPS packet and sending it to the ADAM, AD LDS or Active Directory server. For Windows 2000 any attacking user could exploit this vulnerability; for Windows 2008/2003/XP the attacker must be authenticated.
If you have any of the vulnerable components installed on your computer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.
Bear in mind that this bulletin replaces a previous one called MS09-018.