Microsoft Goes Out-of-Band for Privilege Escalation Flaw
MS14-068 is now out as an emergency out-of-band patch update for a critical vulnerability in the Windows Kerberos authentication mechanism.
The vulnerability has been identified as CVE-2014-6324, and, according to Microsoft's advisory, an attacker could potentially exploit the Kerberos vulnerability to elevate unprivileged domain user account privileges to those of the domain administrator account.
"An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers," Microsoft warned. "When this security bulletin was issued, Microsoft was aware of limited, targeted attacks that attempt to exploit this vulnerability."