Microsoft Windows Kerberos KDC Vulnerability

Submitted on 24. November 2014 - 16:19 by rischi.
Last update on 24. November 2014 - 17:05.

IDs:

CVE-2014-6324, MS14-068

Keywords:

Kerberos, KDC

Description:

A critical vulnerability in the Microsoft Windows Kerberos Key Distribution Center (KDC) has been released. All server versions of Windows are affected [1].

An attacker that successfully exploited this vulnerability could impersonate any user on the domain, including domain administrators, and join any group.

Airlock WAF and especially the Airlock Kerberos Agent [3] are not affected by the vulnerability.

Resolution:

If you are using the Microsoft Kerberos KDC we recommend to install the security update referenced in the Microsoft Security Bulletin MS14-068 [2] on all affected systems.

Component:

Airlock

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

Back-ends may be vulnerable, see resolution

Reference:

[1] Additional information about CVE-2014-6324

[2] Microsoft Security Bulletin MS14-068 - Critical

[3] Airlock Kerberos Agent

Main menu

Navigation

User menu

You are here

Microsoft Windows Kerberos KDC Vulnerability

Main menu

Search form

Navigation

User menu

You are here

Microsoft Windows Kerberos KDC Vulnerability