Sometimes I don’t understand Microsoft’s vulnerability classifications

Here’s a great example:

MS13-079 – Vulnerability in Active Directory Could Allow Denial of Service (2853587)

Basically, this patches a vulnerability where an attacker can send a specially crafted LDAP query to an Active Directory domain controller and cause the LDAP service to fail. Here’s the attack scenario I see:

  1. Start on, or gain control of, a domain-connected system.
  2. Query DNS for the list of DCs.
  3. Send the crafted LDAP query to all DCs, thereby dropping the LDAP service on every DC.

Since communicating with Active Directory requires LDAP and you can effectively DoS the AD infrastructure, this isn’t a small issue. I’m assuming it’s not rated critical because:

  • It was a privately reported vulnerability.
  • There is no public exploit yet.
  • There is no attack in the wild, targeted or otherwise, yet.
  • It’s not easy to craft the exploit. (I hope this is the case).

However, I would still think this should have been rated critical given the impact if exploited.
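From the defender's side, the practical question is whether every DC has the update installed and whether LDAP is still answering on each one. The script below is an added example (not from the original post) that enumerates the domain's DCs through the same `_msdcs` SRV records Active Directory publishes and reports patch status for KB2853587 and LDAP reachability; it assumes a domain-joined Windows host with the DnsClient and NetTCPIP modules (Windows 8.1 / Server 2012 R2 or later) and rights to run Get-HotFix against the DCs.

```powershell
# Added example: report MS13-079 (KB2853587) patch status and LDAP reachability
# for every domain controller in the current domain.
# Assumes: domain-joined host, DnsClient/NetTCPIP modules, remote WMI access to DCs.

$domain = $env:USERDNSDOMAIN
$srv = "_ldap._tcp.dc._msdcs.$domain"

# Every DC registers an SRV record under _msdcs; NameTarget is the DC host name.
$dcs = Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget -Unique

$results = foreach ($dc in $dcs) {
    # LDAP should answer on TCP/389; a DC that stops answering here is the
    # symptom the denial-of-service condition described above would produce.
    $ldapUp = (Test-NetConnection -ComputerName $dc -Port 389 `
        -WarningAction SilentlyContinue).TcpTestSucceeded

    # Get-HotFix reads the installed-updates list on the remote DC. A missing
    # update (or an unreachable DC) is reported as not patched so it gets reviewed.
    $patched = $false
    try {
        $patched = [bool](Get-HotFix -Id 'KB2853587' -ComputerName $dc -ErrorAction Stop)
    } catch {
        Write-Verbose "Could not verify KB2853587 on $dc : $($_.Exception.Message)"
    }

    [pscustomobject]@{
        DomainController = $dc
        LdapReachable    = $ldapUp
        KB2853587        = $patched
    }
}

# Unpatched DCs sort to the top so they are the first thing on screen.
$results | Sort-Object KB2853587, DomainController | Format-Table -AutoSize
```

Run it with `-Verbose` to see why any DC could not be queried; a DC showing `KB2853587 = False` should be checked by hand before it is assumed safe.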
