The MS07-039 Active Directory update, which is for Windows 2000 Server and Windows Server 2003 systems, should be at the top of enterprise IT administrators' lists, said Eric Schultze, chief security architect with Shavlik Technologies LLC. "That one scares me because those are the crown jewels there. And it looks like you're caught with your pants down at the moment."
The flaw deals with the way Active Directory processes LDAP (Lightweight Directory Access Protocol) client requests. Attackers could create a malicious LDAP request that would then allow them to "take complete control of an affected system," Microsoft warned in its advisory on the flaw.