Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
iAntiVirus for Mac OS X
PC Tools Security for Netbooks
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
PC Tools Disk Suite
Help me choose
Flaw in Metadirectory Services Could Allow Privilege Elevation New
A security flaw exists in Microsoft Metadirectory Services (MMS) which may allow a malicious user to access and manipulate data within MMS that should, by design, only be accessible to MMS administrators.
Issue
Microsoft Metadirectory Services (MMS) is a centralized metadirectory service that provides connectivity, management, and interoperability functions to help unify fragmented directory and database environments. It enables enterprises to link together disparate data repositories such as Exchange directory, Active Directory, third-party directory services, and proprietary databases, for the purpose of ensuring that the data in each is consistent, accurate, and can be centrally managed.
A flaw exists that could enable an unprivileged user to access and manipulate data within MMS that should, by design, only be accessible to MMS administrators. Specifically, it is possible for an unprivileged user to connect to the MMS data repository via an LDAP client in such a way as to bypass certain security checks. This could enable an attacker to modify data within the MMS data repository, either for the purpose of changing the MMS configuration or replicating bogus data to the other data repositories.
Affected Products
- Microsoft Metadirectory Services 2.2
Download
Software patches are available from the following locations:
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: July 24, 2002
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
