Thursday, March 28, 2024

Microsoft Windows Kerberos KDC Remote Privilege Escalation Vulnerability – US-CERT Alert (TA14-323A)

Systems Affected

  • Microsoft Windows Vista, 7, 8, and 8.1
  • Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2

Overview
A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution Center (KDC) in Microsoft Windows which could allow a remote attacker to take control of a vulnerable system.

Description
The Microsoft Windows Kerberos KDC fails to properly check service tickets for valid signatures, which can allow aspects of the service ticket to be forged. The improper check allows an attacker to escalate valid domain user account privileges to those of a domain administrator account, which renders the entire domain vulnerable to compromise.

At the time this release was issued, Microsoft was aware of limited, targeted attacks attempting to exploit this vulnerability.

Impact

A valid domain user can pass invalid domain administrator credentials, gain access and compromise any system on the domain, including the domain controller.

Solution
An update is available from Microsoft. Please see Microsoft Security Bulletin MS14-068 and Microsoft Research Security and Defense Blog for more details, and apply the necessary updates.

Revisions
November 19, 2014: Initial Draft
