National Cyber Awareness System: 11/19/2014 03:20 AM EST
Original release date: November 19, 2014
Systems Affected
Overview
A remote escalation of privilege vulnerability exists in implementations of the Kerberos Key Distribution Center (KDC) in Microsoft Windows, which could allow a remote attacker to take control of a vulnerable system. [1]
Description
The Microsoft Windows Kerberos KDC fails to properly check service tickets for valid signatures, which can allow aspects of the service ticket to be forged. The improper check allows an attacker to escalate the privileges of a valid domain user account to those of a domain administrator account, which renders the entire domain vulnerable to compromise. At the time this release was issued, Microsoft was aware of limited, targeted attacks attempting to exploit this vulnerability.
Impact
A valid domain user can pass invalid domain administrator credentials, gain access to, and compromise any system on the domain, including the domain controller. [2]
Solution
An update is available from Microsoft. Please see Microsoft Security Bulletin MS14-068 and the Microsoft Research Security and Defense Blog for more details, and apply the necessary updates. [1, 3]
References
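The class of flaw described above, as an added illustrative example that is not part of this alert and is not Microsoft's code: a toy KDC-style check of the authorization data carried in a service ticket. The vulnerable verifier trusts whichever checksum type the ticket itself names, so an unkeyed checksum that anyone can compute is accepted as a valid "signature"; the hardened verifier insists on a keyed checksum computed under the KDC's own key. The ticket layout, the constructed key, and the choice of CRC32 as the weak checksum are this example's simplifications, not the real Kerberos or PAC format.

```python
import hashlib
import hmac
import json
import zlib

# Constructed stand-in for the KDC's long-term key (the real one is the krbtgt key).
KDC_KEY = b"constructed-kdc-long-term-key-not-real"

CHECKSUM_KEYED_HMAC = "hmac-sha256"  # keyed: cannot be produced without KDC_KEY
CHECKSUM_UNKEYED_CRC = "crc32"       # unkeyed: anyone can compute it (example's weak type)


def _checksum(kind, data, key=None):
    """Compute the checksum of `data` for the named checksum type."""
    if kind == CHECKSUM_KEYED_HMAC:
        if key is None:
            raise ValueError("keyed checksum requires a key")
        return hmac.new(key, data, hashlib.sha256).hexdigest()
    if kind == CHECKSUM_UNKEYED_CRC:
        return format(zlib.crc32(data), "08x")
    raise ValueError("unknown checksum type: %r" % kind)


def make_ticket(username, groups, checksum_kind, key=None):
    """Build a toy service ticket: authorization data plus a checksum over it.

    The checksum type is recorded inside the ticket, which is exactly what the
    vulnerable verifier below wrongly relies on.
    """
    authz = json.dumps({"user": username, "groups": sorted(groups)}).encode()
    return {
        "authz": authz,
        "cksum_type": checksum_kind,
        "cksum": _checksum(checksum_kind, authz, key),
    }


def verify_vulnerable(ticket, key):
    """Flawed check: recomputes whatever checksum type the ticket claims.

    Because an unkeyed type is honoured, authorization data can be rewritten
    and re-checksummed without knowing the KDC key.
    """
    expected = _checksum(ticket["cksum_type"], ticket["authz"], key)
    return hmac.compare_digest(expected, ticket["cksum"])


def verify_fixed(ticket, key):
    """Hardened check: only a keyed checksum under the KDC key is acceptable."""
    if ticket["cksum_type"] != CHECKSUM_KEYED_HMAC:
        return False
    expected = _checksum(CHECKSUM_KEYED_HMAC, ticket["authz"], key)
    return hmac.compare_digest(expected, ticket["cksum"])


def effective_groups(ticket, verifier, key):
    """Return the group list the verifier would grant, or None if rejected."""
    if not verifier(ticket, key):
        return None
    return json.loads(ticket["authz"])["groups"]


if __name__ == "__main__":
    genuine = make_ticket("alice", ["Domain Users"], CHECKSUM_KEYED_HMAC, KDC_KEY)
    # Constructed forgery: elevated groups, protected only by an unkeyed checksum.
    forged = make_ticket("alice", ["Domain Users", "Domain Admins"], CHECKSUM_UNKEYED_CRC)
    print("vulnerable verifier grants:", effective_groups(forged, verify_vulnerable, KDC_KEY))
    print("fixed verifier grants:     ", effective_groups(forged, verify_fixed, KDC_KEY))
    print("genuine ticket, fixed:     ", effective_groups(genuine, verify_fixed, KDC_KEY))
```

The design point is that a checksum only acts as a signature when its computation depends on a secret the verifier holds; a verifier that lets the presenter pick the checksum type has delegated that decision to the party it is supposed to be checking.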
Revision History