Windows Kerberos bug: How to detect signs of exploitation before the update?

  • 21 November 2014

Author: Zeljka Zorz, HNS managing editor / Posted on 20 November 2014
 
Microsoft has shared more details about the critical elevation of privilege bug found in Microsoft Windows Kerberos Key Distribution Center (CVE-2014-6324) which is being exploited in "limited, targeted attacks" in the wild, and has once again urged admins and users to apply the issued patch.

The vulnerability is remotely and easily exploitable, and allows remote elevation of privilege in domains running Windows domain controllers. An attacker in possession of the credentials of any domain user can elevate their privileges to those of any other account on the domain (including domain administrator accounts).

After explaining how Kerberos works, Microsoft pointed out that currently only domain controllers running on Windows Server 2008R2 and below are under attack, and that they should be the first ones to get updated.

The next ones are domain controllers running 2012 and above because they are vulnerable to a related attack that's more difficult to execute, and then, finally, all other systems running any version of Windows.

These updates are the only way to plug this hole, as there are no workarounds available.
 
 