Security Advisor

'Critical' Windows Hole Gets Out-of-Band Patch

Microsoft released a fix for a Kerberos cryptographic flaw that has already been exploited in limited attacks against Windows Server.

Microsoft released an out-of-band security patch for all supported versions of the Windows OS and Windows Server today. While all versions of Windows will be receiving a fix, only Windows Server versions are vulnerable to attack.

Originally scheduled for last week's Patch Tuesday release, bulletin MS14-068 was delayed until this morning. The fix addresses a privately reported issue in the Kerberos key distribution center (KDC) in Microsoft Windows; Kerberos is the protocol used to authenticate users over an unsecured network. According to the bulletin, if the flaw is left unpatched by network admins, it could allow an unauthorized user to elevate their privileges.

Going into more detail on the flaw, Craig Young, security researcher at Tripwire, said the problem stems from a cryptographic validation failure in the Kerberos KDC.

"The problem stems from a failure to properly validate cryptographic signatures which allows certain aspects of a Kerberos service ticket to be forged," said Young in an e-mailed statement.  "The vulnerability has already been used in limited attacks and should be considered a serious risk to enterprises using Kerberos KDC on a Windows domain. Windows servers in affected environments should be patched at once to prevent exploitation."
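To make the class of defect Young describes concrete, the following Python illustration is added here; it is not Microsoft's code and does not reproduce the real Kerberos ticket or PAC format. The ticket layout, the KDC key and the user and group names are all constructed for the example. It contrasts a verifier that lets the ticket itself dictate how its checksum is validated, so that an unkeyed digest anyone can compute is accepted, with a verifier that only accepts a keyed MAC under the KDC's key. The forged sample shows why the first verifier provides no protection: the authorization data can be rewritten and re-checksummed without knowing the key.

```python
import hashlib
import hmac
import json

# Constructed sample value standing in for the KDC's long-term secret.
KDC_KEY = b"constructed-kdc-long-term-key"


def canonical(authz):
    """Serialize authorization data deterministically so the signer and
    the verifier hash exactly the same bytes."""
    return json.dumps(authz, sort_keys=True, separators=(",", ":")).encode()


def issue_ticket(authz):
    """KDC side: bind the authorization data to the KDC key with HMAC."""
    sig = hmac.new(KDC_KEY, canonical(authz), hashlib.sha256).hexdigest()
    return {"authz": dict(authz), "sig_type": "hmac-sha256", "sig": sig}


def verify_flawed(ticket):
    """Defective verifier: trusts the checksum type named inside the ticket
    and accepts an unkeyed digest. Since anyone can compute that digest,
    the check no longer proves the KDC produced the data."""
    data = canonical(ticket["authz"])
    if ticket["sig_type"] == "hmac-sha256":
        expected = hmac.new(KDC_KEY, data, hashlib.sha256).hexdigest()
    elif ticket["sig_type"] == "sha256":
        expected = hashlib.sha256(data).hexdigest()
    else:
        return False
    return hmac.compare_digest(expected, ticket["sig"])


def verify_correct(ticket):
    """Hardened verifier: only a keyed MAC under the KDC key is acceptable,
    regardless of what the ticket claims about itself."""
    if ticket["sig_type"] != "hmac-sha256":
        return False
    expected = hmac.new(KDC_KEY, canonical(ticket["authz"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, ticket["sig"])


def make_forged_sample(ticket):
    """Constructed test input: the group list is altered and the ticket is
    re-checksummed with a plain hash, without access to KDC_KEY."""
    forged = {"authz": dict(ticket["authz"]), "sig_type": "sha256", "sig": ""}
    forged["authz"]["groups"] = forged["authz"]["groups"] + ["Domain Admins"]
    forged["sig"] = hashlib.sha256(canonical(forged["authz"])).hexdigest()
    return forged


def demo():
    """Run both verifiers over a legitimate and a forged ticket."""
    legit = issue_ticket({"user": "alice", "groups": ["Domain Users"]})
    forged = make_forged_sample(legit)
    return {
        "legit_flawed": verify_flawed(legit),
        "legit_correct": verify_correct(legit),
        "forged_flawed": verify_flawed(forged),
        "forged_correct": verify_correct(forged),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the contrast is that validity must depend on a secret the verifier holds, not on metadata the untrusted ticket carries about itself; `hmac.compare_digest` is used in both verifiers so the difference shown is purely about keying, not timing.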

According to Microsoft, the patching priority is as follows:

  1. Domain controllers running Windows Server 2008 R2 and below
  2. Domain controllers running Windows Server 2012 and higher
  3. All other systems running any version of Windows

Windows Server 2008 R2 and Windows Server 2003 are the top priorities today because the limited attacks already seen in the wild target those versions. While later versions are also vulnerable, Microsoft said that producing a working exploit against them will be much more difficult.

The company said the only way to fix a domain that has already been breached by an attacker is to tear it down and start from scratch. "The only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain," wrote Joe Bialek, an engineer with Microsoft Security Response Center. "An attacker with administrative privilege on a domain controller can make a nearly unbounded number of changes to the system that can allow the attacker to persist their access long after the update has been installed."

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
