Microsoft’s MS14-068 update fixes a vulnerability in Windows Kerberos implementations that allows attackers to elevate any domain user privileges to administrator privileges. Microsoft has warned that the exploit has been found in the wild deemed the patch “critical.” The company advises system administrators to immediately install it.
If an attacker were to have valid domain credentials, he could exploit the vulnerability (CVE-2014-6324) to elevate his privileges and compromise any computer in the domain, including domain controllers.
Topics: Business IT