This vulnerability involves an LDAP function that is only available if the LDAP server has been configured to support LDAP over SSL sessions, and whose purpose is to allow users to change the data attributes of directory principals. By design, the function should check the authorizations of the user before completing the request; however, it contains an error that manifests itself only when the directory principal is a domain user and the data attribute is the domain password -- when this is the case, the function fails to check the permissions of the requester, with the result that it could be possible for a user to change any other user´s domain login password.

An attacker could change another user´s password for either of two purposes: to cause a denial of service by preventing the other user >from logging on, or in order to log into the user´s account and gain any privileges the user had. Clearly, the most serious case would be one in which the attacker changed a domain administrator´s password and logged into the administrator´s account.

A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-036.asp for information on obtaining this patch.