One of the security updates that was delayed in the regular patch cycle last week has been released.
MS14-068 is a critical update that addresses a vulnerability in Kerbeos that could allow elevation of privilege. Microsoft is aware of limited, targeted attacks that attempt to exploit this vulnerability.
As described in the security bulletin:
"An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only."
References:
- KB 3011780: MS14-068: Vulnerability in Kerberos could allow elevation of privilege: November 18, 2014
- TechNet: Microsoft Security Bulletin MS14-068 - Critical
No comments:
Post a Comment