IT Security Guru

Microsoft to release emergency patch for Windows Kerberos flaw tonight

by The Gurus
September 11, 2020
in Editor's News

Microsoft has announced that it is to release an out-of-band patch tonight to address a vulnerability in Windows.

In a very short statement, Tracey Pretorius, director of response communications at Microsoft, said: “We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.”

The emergency bulletin, MS14-068, specifically patches an elevation of privilege issue in Windows.

Affected operating systems include Windows Server 2003, 2008 and 2012, and Windows Server 2008 R2 and 2012 R2.

Ken Westin, security analyst at Tripwire, said: “This patch, MS14-068, along with MS14-075, were listed in Tuesday’s bulletin from Microsoft, but were listed as ‘release date to be determined’, which is a rather odd occurrence.

“This patch fixes a privilege escalation vulnerability in all versions of Windows and is something that should be updated quickly. This out-of-band patch can cause some retailers heartburn as they prepare for the holidays and the dreaded holiday ‘code freeze’ which many organisations may deploy in anticipation of the shopping season to minimize disruption or down time caused by any errant changes. Particularly as the other MS14-075 patch is still outstanding, however that is believed to be a patch for Microsoft Exchange Server.”

It was revealed in a second advisory by Joe Bialek from the Microsoft Resource Centre Engineering team that the flaw, CVE-2014-6324, is an elevation of privilege vulnerability in the Windows Kerberos implementation that is being exploited in the wild in limited, targeted attacks.

He said: “CVE-2014-6324 allows remote elevation of privilege in domains running Windows domain controllers. The exploit found in-the-wild targeted a vulnerable code path in domain controllers running on Windows Server 2008R2 and below. Microsoft has determined that domain controllers running 2012 and above are vulnerable to a related attack, but it would be significantly more difficult to exploit. Non-domain controllers running all versions of Windows are receiving a “defense in depth” update but are not vulnerable to this issue.

“CVE-2014-6324 fixes an issue in the way Windows Kerberos validates the PAC in Kerberos tickets. Prior to the update it was possible for an attacker to forge a PAC that the Kerberos KDC would incorrectly validate. This allows an attacker to remotely elevate their privilege against remote servers from an unprivileged authenticated user to a domain administrator.”
