Friday, November 28, 2014

Microsoft rushes patch for Kerberos flaw

A Windows security flaw being exploited by cyber criminals has received an urgent patch, released separately from November's Patch Tuesday. Kerberos, an authentication system used by all versions of Microsoft Windows, is the source of the issue, which allows remote attackers to gain the elevated privileges of a domain administrator. The Microsoft advisory states, "A remote elevation of privilege vulnerability exists in implementations of Kerberos KDC in Microsoft Windows. The vulnerability exists when the Microsoft Kerberos KDC implementations fail to properly validate signatures, which can allow for certain aspects of a Kerberos service ticket to be forged." Microsoft credits the information security and risk management team of Qualcomm with identifying the issue. According to the company, Windows Server 2012 and Windows Server 2012 R2 machines are not prone to this vulnerability. Users are advised to apply the patch as soon as possible.
