Patch Tuesday this month contained the most security advisories since June 2011, five of which were critical Windows fixes. But it seems that Microsoft missed another critical fix: the Kerberos Checksum Vulnerability (CVE-2014-6324) allows normal users of all supported versions of Windows to elevate their privileges to the level of domain administrator – remotely.
“The vulnerability exists when the Microsoft Kerberos KDC implementations fail to properly validate signatures, which can allow for certain aspects of a Kerberos service ticket to be forged,” Microsoft said. This means an attacker could compromise “any computer in the domain, including domain controllers.”
Microsoft has issued emergency patch MS14-068:
“This security update is rated Critical for all supported editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. The update is also being provided on a defense-in-depth basis for all supported editions of Windows Vista, Windows 7, Windows 8, and Windows 8.1.”
If you’re a system administrator and you haven’t already applied the patch, you should do so immediately.
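A quick way to act on that advice is to check every domain controller, since one unpatched KDC is enough for the forged-ticket attack to work. The script below is an added example, not code from the original post or from Microsoft; it assumes the ActiveDirectory RSAT module is available, that the account running it can query hotfixes on each DC remotely, and that `$KbId` is replaced with the KB number given in the MS14-068 bulletin for your Windows version (the value shown is a placeholder).

```powershell
# Added example (not from the original post): report which domain controllers
# still lack the MS14-068 update. Requires the ActiveDirectory RSAT module and
# remote access (WMI/WinRM) to each DC. $KbId is a placeholder: substitute the
# KB number listed in the MS14-068 security bulletin for your OS version.

param(
    [string]$KbId = 'KBnnnnnnn'   # placeholder, see bulletin MS14-068
)

Import-Module ActiveDirectory

# Every DC in the current domain; a single unpatched KDC is enough to accept forged tickets.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$results = foreach ($dc in $dcs) {
    try {
        $fix = Get-HotFix -Id $KbId -ComputerName $dc -ErrorAction Stop
        [pscustomobject]@{ DomainController = $dc; Patched = $true;  InstalledOn = $fix.InstalledOn; Error = $null }
    } catch {
        # Get-HotFix errors both when the update is absent and when the DC is unreachable;
        # record the message so an unreachable DC is not mistaken for a patched one.
        # (Matching on 'Cannot find' is an assumption about the cmdlet's wording.)
        $reason = if ($_.Exception.Message -match 'Cannot find') { $null } else { $_.Exception.Message }
        [pscustomobject]@{ DomainController = $dc; Patched = $false; InstalledOn = $null; Error = $reason }
    }
}

$results | Sort-Object Patched, DomainController | Format-Table -AutoSize

# Non-zero exit when any DC is unpatched, so the check can run from a scheduled task or pipeline.
if ($results | Where-Object { -not $_.Patched }) { exit 1 }
```

Run it from a management host as a domain admin; a DC listed with `Patched = False` and a non-empty `Error` column could not be queried and needs to be checked by hand rather than assumed patched.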
If your domain has already been compromised – and Microsoft has said that it was ‘aware of limited, targeted attacks that attempt to exploit this vulnerability’ – then the only remedial action is a complete rebuild of the domain.
ISO 27001, the international standard that describes best practice for an information security management system (ISMS), encompasses people, process and technology, and is perfect for patch management as it:
- ensures you have the right people
- provides the right processes for specific tasks
- provides the right technology to carry out those tasks.
ISO 27001 is heavily dependent on documentation, which is why we have created the ISO 27001 Documentation Toolkits. These toolkits contain template documentation that will help you implement ISO 27001 faster and more effectively.