• »
  • Latest Threats
  • Desktop
  • Server
  • critical Severity (Can fully compromise system)

Windows Server vulnerability allows attacker to elevate privileges to administrator

critical Severity            Affects:
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

A flaw in the Kerberos KDC protocol for Windows Server versions since 2003 allows a malicious user to elevate privileges to administrator level. This vulnerability has been documented in the following advisory: Kerberos Checksum Vulnerability - CVE-2014-6324

Kerberos is a protocol that is used to mutually authenticate users and services on an open and unsecured network. It allows services to correctly identify the user of a Kerberos ticket without having to authenticate the user at the service. It does this by using shared secret keys.

An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only. When this security bulletin was issued, Microsoft was aware of limited, targeted attacks that attempt to exploit this vulnerability.

The security update addresses the vulnerability by correcting signature verification behavior in Windows implementations of Kerberos.

The following versions of Windows Server are affected:

Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012 and Windows Server 2012 R2
Server Core installation option


Also, this affects the following desktop Windows versions as well:

Windows Vista
Windows 7
Windows 8 and Windows 8.1
Windows RT and Windows RT 8.1

[Read advisory for Windows desktop]



RECOMMENDATION

Patching the vulnerability:

The fix patch is applied via Windows Update on the affected machine(s).

To view more in-depth details about the affected versions see Microsoft Security Bulletin MS14-068 

There are no known workarounds.