Here's a great example:
MS13-079 - Vulnerability in Active Directory Could Allow Denial of Service (2853587)
Basically, this patches a vulnerability where an attacker can send a specially crafted LDAP query to an Active Directory domain controller and cause the LDAP service to fail. Here's the attack scenario I see:
- Start or gain control on a domain connected system.
- Query DNS for list of DCs.
- Send crafted LDAP query to all DCs, thereby dropping LDAP service on all DCs.
Since communicating with Active Directory requires LDAP and you can effectively DoS the AD infrastructure, this isn't a small issue. I'm assuming it's not rated critical because:
- It was a privately reported vulnerability.
- There is no public exploit yet.
- There is no attack in the wild, targeted or otherwise, yet.
- It's not easy to craft the exploit. (I hope this is the case).
However, I would still think this should have been rated critical given the impact if exploited.
