CERT-In Vulnerability Note
CIVN-2011-0176
Microsoft Windows Active Directory Authentication Bypass Vulnerability
Original Issue Date:November 09, 2011
Severity Rating: HIGH
Systems Affected
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2
- Windows Server 2003 x64 Edition SP2 Active Directory
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista SP2
- Windows Vista x64 Edition SP2
- Windows Server 2008 for 32-bit Systems SP2
- Windows Server 2008 for x64-based Systems SP2
- Windows 7 for 32-bit Systems SP1 and prior
- Windows 7 for x64-based Systems SP1 and prior
- Windows Server 2008 R2 for x64-based Systems SP1 and prior
Overview
A Vulnerability has been reported in Microsoft Windows, that could allow a remote attacker to bypass authentication restrictions and access resources that are protected with Active Directory authentication.
Description
The vulnerability exists when Active Directory is configured to use LDAP over SSL (not default setting) but fails to validate the revocation status of an SSL certificate against the CRL (Certificate Revocation List) associated with the domain account. As a result, it is possible to allow a certificate to be accepted as valid even after it has been revoked by the certification authority (CA). on successful exploitation, a remote attacker could bypass authentication protections and access the targeted resource.
Solution
Apply appropriate updates as mentioned in the Microsoft Security Bulletin
MS11-086
Vendor Information
Microsoft
http://technet.microsoft.com/en-us/security/bulletin/ms11-086
References
Microsoft
http://technet.microsoft.com/en-us/security/bulletin/ms11-086
Cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=24493
Sophos
http://www.sophos.com/support/knowledgebase/article/114563.html
Secunia
http://secunia.com/advisories/46755/
CVE Name
CVE-2011-2014
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India
|