'Critical' Windows Hole Gets Out-of-Band Patch -- Redmondmag.com

'Critical' Windows Hole Gets Out-of-Band Patch

Microsoft released a crypto fix that has been seen to be in limited exploit against Windows Server.

By Chris Paoli
11/18/2014

Microsoft released an out-of-band security patch for all supported version of Windows OS and Windows Server today. While all versions of Windows will be receiving a fix, only Windows Server versions are vulnerable to attack.

Originally scheduled for last week's Patch Tuesday release, bulletin MS14-068 was delayed until this morning. The fix addresses a privately reported issue in Microsoft Windows Kerberos key distribution center (KDC) -- a protocol used to authenticate users on an unsecured network. According to the bulletin release, if ignored by network admins, the flaw could lead to an elevation of privilege for unauthorized users.

Going into more detail on the flaw, Craig Young, security researcher at Tripwire, said the problem stems from the Kerberos KDC experiencing a crypto failure.

"The problem stems from a failure to properly validate cryptographic signatures which allows certain aspects of a Kerberos service ticket to be forged," said Young in an e-mailed statement. "The vulnerability has already been used in limited attacks and should be considered a serious risk to enterprises using Kerberos KDC on a Windows domain. Windows servers in affected environments should be patched at once to prevent exploitation."

According to Microsoft, the patching priority is as follows:

Domain controllers running Windows Server 2008 R2 and below
Domain controllers running Windows Server 2012 and higher
All other systems running any version of Windows

Windows Server 2008 R2 and Windows Server 2003 are the top priorities today due to the limited attacks already seen in the wild targeting that version. While later versions are also vulnerable, Microsoft said that getting a working exploit will be much more difficult.

The company said the only way to fix domains that have already been breached by the attacker is to tear it down and start from scratch. "The only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain," wrote Joe Bialek, an engineer with Microsoft Security Response Center. "An attacker with administrative privilege on a domain controller can make a nearly unbounded number of changes to the system that can allow the attacker to persist their access long after the update has been installed."

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.