Flaw: Microsoft Metadirectory Services

Microsoft Metadirectory Services (MMS) is a centralised metadirectory service that provides connectivity, management, and interoperability functions to help unify fragmented directory and database environments.

Microsoft's security bulletin reads: "A flaw exists that could enable an unprivileged user to access and manipulate data within MMS that should, by design, only be accessible to MMS administrators. Specifically, it is possible for an unprivileged user to connect to the MMS data repository via an LDAP client in such a way as to bypass certain security checks. This could enable an attacker to modify data within the MMS data repository, either for the purpose of changing the MMS configuration or replicating bogus data to the other data repositories."

More info and a patch can be found here

Join the newsletter!

Error: Please check your email address.

More about Microsoft

Show Comments

Market Place