<< Back
CVE Number Vulnerability Product Severity Date
MS11-086 Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) Windows XP Important 09-11-2011

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.
Detailed Information on the risk:

An elevation of privilege vulnerability exists in Active Directory when configured to use LDAP over SSL (LDAPS). An attacker could exploit this vulnerability by using a previously revoked certificate to authenticate to the Active Directory domain and gain access to network resources or run code under the privileges of a specific authorized user with which the certificate is associated.


Further information on this exploit is available at : MS11-086

Affected Software

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1