Windows (KDC) Privilege Escalation Vulnerability (CVE-2014-6324) (MS14-068)
Release date:
Updated on:
Affected Systems:
Microsoft Windows Server 2012 Gold/R2
Microsoft Windows Server 2012 Gold
Microsoft Windows 7 SP1
Microsoft Windows Vista SP2
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2008 SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows 8.1
Microsoft Windows 8
Description:
CVE (CAN) ID: CVE-2014-6324
The Windows Kerberos Key Distribution Center (KDC) provides session tickets and temporary session keys to users and computers within an Active Directory domain.
In Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold/R2, Windows Kerberos has a security vulnerability in how the PAC (Privilege Attribute Certificate) in Kerberos tickets is validated. A low-privileged, authenticated remote attacker can exploit this vulnerability to forge a PAC that the Kerberos Key Distribution Center (KDC) accepts as valid. A successful attack lets the attacker escalate privileges and gain domain administrator permissions.
<* Source: Qualcomm Information Security & Risk Management team
Tom Maddock
Link: http://www.symantec.com/security_response/vulnerability.jsp?bid=70958&om_rssid=sr-advisories
http://tools.cisco.com/security/center/viewAlert.x?alertId=36460
https://technet.microsoft.com/library/security/MS14-068
*>
Suggestion:
Vendor patch:
Microsoft
---------
Microsoft has released a Security Bulletin (MS14-068) and patches for this:
MS14-068: MS14-068
Link: https://technet.microsoft.com/library/security/MS14-068