Microsoft closes 15-year-old leak in Active Directory

Microsoft has patched a vulnerability in Active Directory in almost all supported Windows versions that made it possible to perform man-in-the-middle attacks. The security hole is said to have been in Active Directory for 15 years.

At the beginning of 2014, Microsoft received a report from the company JAS Global Advisors in which the leak was explained. For example, it is possible for attackers who can monitor data traffic between Active Directory users to perform man-in-the-middle attacks.

The outlined method could be used to install malicious code on vulnerable systems, for example by which admin rights can be obtained. Microsoft therefore qualifies the problem as ‘critical’. In particular, users who connect to company servers via the public internet would be vulnerable, for example if connections are made via open Wi-Fi connections.

In a statement, Microsoft says that the flaws can be found in the Group Policy components of Active Directory. It is also striking that the bug in Microsoft’s Active Directory implementation has been present in various Windows versions for fifteen years. It also took Microsoft more than a year to develop patches, partly because the errors could be found deep into the foundations of Active Directory. By the way, Microsoft will not release an update for Windows Server 2003. Microsoft recommends that companies and organizations that are still running outdated server software turn off the Active Directory service.