Sometimes I don’t understand Microsoft’s vulnerability classifications

Here’s a great example:

MS13-079 – Vulnerability in Active Directory Could Allow Denial of Service (2853587)

Basically, this patches a vulnerability where an attacker can send a specially crafted LDAP query to an Active Directory domain controller and cause the LDAP service to stop responding. Here’s the attack scenario I see:

  1. Start from, or gain control of, a domain-joined system.
  2. Query DNS for the list of DCs.
  3. Send the crafted LDAP query to every DC, thereby dropping the LDAP service on all DCs.
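The defender’s side of steps 2 and 3 is the check worth having ready: enumerate every DC the domain advertises in DNS and confirm each one still answers LDAP. The script below is an added example, not code from the original post or from Microsoft; the domain name is a placeholder taken from the environment, and it assumes the machine can reach the DCs on TCP 389 and has Resolve-DnsName and Test-NetConnection (Windows 8 / Server 2012 and later).

```powershell
# Added example (not from the original post): enumerate the domain controllers
# DNS advertises for a domain and check whether each one still serves LDAP.
# Assumptions: $Domain is a placeholder (defaults to the current DNS domain);
# the DCs are reachable on TCP 389; Windows 8 / Server 2012+ cmdlets are present.
param(
    [string]$Domain = $env:USERDNSDOMAIN   # e.g. "corp.example.com"; placeholder
)

# AD registers every DC under this SRV record. This is the same lookup a client
# (or the attacker in step 2 above) uses to find all DCs in one query.
$srv = "_ldap._tcp.dc._msdcs.$Domain"
$dcs = Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' } |
       Select-Object -ExpandProperty NameTarget -Unique

$results = foreach ($dc in $dcs) {
    # A TCP connect to 389 tells "listener up" from "listener gone"...
    $tcp = Test-NetConnection -ComputerName $dc -Port 389 -WarningAction SilentlyContinue

    # ...but a hung LDAP service can still accept TCP connections, so also do a
    # real LDAP read of RootDSE. Accessing a property forces the bind; a dead or
    # unresponsive LDAP service throws here.
    $ldapOk = $false
    try {
        $root   = [adsi]"LDAP://$dc/RootDSE"
        $ldapOk = ($null -ne $root.dnsHostName.Value)
    } catch {
        $ldapOk = $false
    }

    [pscustomobject]@{
        DomainController = $dc
        Tcp389Open       = $tcp.TcpTestSucceeded
        RootDseReadable  = $ldapOk
        Checked          = Get-Date
    }
}

$results | Format-Table -AutoSize

# Any DC with RootDseReadable = False is no longer serving LDAP. If every row is
# False you are looking at the outcome of step 3: no DC left to talk to.
$down = @($results | Where-Object { -not $_.RootDseReadable })
if ($down.Count -gt 0) {
    Write-Warning ("{0} of {1} DCs not answering LDAP: {2}" -f `
        $down.Count, @($results).Count, ($down.DomainController -join ', '))
}
```

Run it from any domain-joined host on a schedule; the RootDSE read is the part that matters, since a DoS that leaves the socket open but the service unresponsive would pass a port check alone.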

Since communicating with Active Directory requires LDAP, and you can effectively DoS the entire AD infrastructure, this isn’t a small issue. Microsoft rated it Important, not Critical. (Under Microsoft’s severity rating system, Critical is reserved for vulnerabilities that could allow code execution without user interaction; a vulnerability whose impact is limited to availability falls under Important.) I’m assuming it’s not rated critical because:

  • It was a privately reported vulnerability.
  • There is no public exploit yet.
  • There is no attack in the wild, targeted or otherwise, yet.
  • It’s not easy to craft the exploit. (I hope this is the case).

However, I would still think this should have been rated critical given the impact if exploited.
