Microsoft releases emergency security patch for Windows and Windows Server
Microsoft emergency patch fixes a Windows and Windows Server vulnerability that hackers are exploiting to compromise networks
Microsoft has released an emergency security patch to fix a vulnerability in Windows and Windows Server that hackers are exploiting to compromise networks.
Microsoft said a vulnerability (MS14-068) in the Kerberos authentication system allows a user to escalate their privileges to access domain administrator rights.
“By impersonating the domain administrator, the attacker could install programs; view, change or delete data; or create new accounts on any domain-joined system,” Microsoft said.
MS14-068 was one of two security bulletins held back last week from Microsoft’s bumper monthly security update for November, which comprised 14 bulletins addressing nearly 40 individual vulnerabilities.
Microsoft held back MS14-068 because it showed some last-minute stability problems, according to the chief technology officer at security firm Qualys, Wolfgang Kandek.
“It is a privately disclosed vulnerability so this should not have a major effect on a company's security situation, but we know we will get at least one critical Windows patch in December,” he said.
According to Microsoft, malicious software can exploit this vulnerability to compromise the entire network.
Attacks limited and targeted
Microsoft said the vulnerable component is in all supported versions of Windows up to 8.1 and Windows Server up to 2012 R2.
The patch for Windows Server systems is rated “critical”.
Although client systems are not considered a target for attack, Microsoft is advising desktop, notebook and tablet users to install the update as a precautionary measure.
Microsoft said it had received reports of "limited, targeted attacks" exploiting the flaw.
Mitigating factors include the fact that an attacker must have valid domain credentials to exploit the vulnerability.
“The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only,” Microsoft said.
The software firm thanked the Qualcomm information security and risk management team for reporting the vulnerability.