Microsoft Windows Kerberos KDC Vulnerability

IDs: 
CVE-2014-6324, MS14-068
Keywords: 
Kerberos, KDC
Description: 

A critical vulnerability in the Microsoft Windows Kerberos Key Distribution Center (KDC) has been disclosed. All server versions of Windows are affected [1].

An attacker who successfully exploits this vulnerability could impersonate any user on the domain, including domain administrators, and join any group.

Airlock WAF, and in particular the Airlock Kerberos Agent [3], are not affected by the vulnerability.

Resolution: 

If you are using the Microsoft Kerberos KDC, we recommend installing the security update referenced in Microsoft Security Bulletin MS14-068 [2] on all affected systems.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Back-ends may be vulnerable, see resolution