Author Topic: Windows Critical Updates  (Read 1359 times)

Alex Allen

  • Administrator
  • Full Member
  • *****
  • Posts: 1235
    • View Profile
    • Stop My Theft
Windows Critical Updates
« on: November 21, 2014, 04:10:00 pm »
Dear Valued Clients with Domain Controllers;
FYI; an out of cycle patch by Microsoft has released an update to patch a critical security hole that is being actively exploited to hack Windows-based servers. A flaw in the Windows implementation of the Kerberos authentication protocol allows attackers with credentials for low-level accounts to remotely hijack extremely sensitive Windows domain controllers that allocate privileges on large corporate networks. The privilege elevation bug is already being exploited in highly targeted attacks and gives hackers extraordinary control over vulnerable networks.

From SANS NewsBites Vol. 16 Num. 93
--Microsoft Issues Emergency Patch for Flaw in Kerberos Authentication Protocol (November 18 & 19, 2014) Microsoft has released an out-of-cycle update (MS14-068) to address a critical flaw in the Kerberos authentication protocol that is being actively exploited. The vulnerability can be exploited to elevate privileges to those of the domain administrator. The issue affects all currently supported versions of Windows and Windows Server. The protocol manages authentication for Windows PCs on local networks. The problem is more serious for Windows Server than for Windows home users.


https://technet.microsoft.com/library/security/MS14-068
http://arstechnica.com/security/2014/11/unscheduled-windows-update-kills-critical-security-bug-under-active-attack/
http://www.theregister.co.uk/2014/11/18/youll_most_definitely_believe_what_microsoft_did_today/
http://www.zdnet.com/details-emerge-on-windows-kerberos-vulnerability-7000035976/
http://krebsonsecurity.com/2014/11/microsoft-releases-emergency-security-update/


Internet Storm Center:
https://isc.sans.edu/forums/diary/Microsoft+November+out-of-cycle+patch+MS14-068/18967