Active Directory (AD) is the Microsoft implementation of Lightweight Directory Access Protocol (LDAP) directory services used primarily in the Windows operating environment to provide centralized access control (authentication and authorization) services for Windows-based computers. Using a database for storage of system, user, software, and policy information, Active Directory also allows IT administrators to assign policies, deploy software, and apply critical updates to an organization.

"As our research and development team continues to build leading-edge unified client security solutions to secure the Windows operating environment, we strive to provide Microsoft with information we uncover in order to help them in their drive to continue to provide a secure operating system and supporting application services,” said Thomas Garnier, Senior Research Engineer at SkyRecon Systems Inc. “During our ongoing research in and integration with the Windows Active Directory service, we found an important vulnerability which could be used to effectively disable the Active Directory service, rendering the system unusable."

The vulnerability affects the Active Directory component in the following 32-bit, 64-bit, and Itanium versions of the Windows Operating systems: Windows XP Professional, Windows 2000 Server, and Windows 2003 Server. The vulnerability also affects implementations of Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows 2003 Server editions. If exploited, the vulnerability could allow an attacker to cause the system to stop responding or automatically restart. The vulnerability has been addressed by validating client LDAP requests.

More information regarding the vulnerability and Microsoft Security Bulletin can be found at:
-- Microsoft Security Bulletin MS08-003 – Important Vulnerability

SkyRecon’s StormShield uses multiple layers of protection to address every critical aspect of system and data protection and does so through a single, lightweight agent. As the industry’s first unified endpoint protection solution to integrate behavioral-based host intrusion prevention with device control and content encryption, StormShield provides real-time defenses designed to protect an organization’s endpoints and the critical business data that resides on them – without the need for patches or signatures.