
Vulnerabilities in Active Directory – Remote Code Execution, MS09-018

Microsoft Security Bulletin MS09-018 – Critical

This security update resolves two privately reported vulnerabilities in implementations of Active Directory on Windows Server 2003 and Microsoft Windows 2000 Server, and Active Directory Application Mode (ADAM) when installed on Windows Server 2003 and Windows XP Professional. The more severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely.

An attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.

This security update is rated Critical for all supported editions of Microsoft Windows 2000 Server, and rated Important for supported versions of Windows XP Professional and Windows Server 2003. For more information, see the subsection Affected and Non-Affected Software in the bulletin.

The security update addresses the vulnerability by correcting the way that the LDAP service allocates and frees memory while processing specially crafted LDAP or LDAPS requests.

http://www.microsoft.com/technet/security/bulletin/ms09-018.mspx
