ODITechODITech
  • 1-360-735-9299
  • Chat
  • Client Login
  • filemaker hosting
  • web hosting
  • development
    • filemaker development
    • custom web publishing
  • blog
  • support
    • client area
    • open a ticket
    • knowledge base
    • FAQ
    • chat now
blog » Vulnerability in Microsoft Windows Kerberos KDC
Vulnerability in Microsoft Windows Kerberos KDC

Vulnerability in Microsoft Windows Kerberos KDC

Announcements, News|ODI Technologies, Inc.|November 19, 2014

Situation

Microsoft has revealed a vulnerability in Microsoft Windows Kerberos KDC. It affects a broad range of Windows operating systems, including Windows Server 2003/2008/2012 and Vista 7/8/8.1.

Please refer to the following Microsoft TechNet article for details: Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780).

Impact

Microsoft has revealed a vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with only local account credentials. When the bulletin was issued, Microsoft was aware of limited, targeted attacks that attempt to exploit this vulnerability.

This security update is rated Critical for all supported editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

Solution

To close the vulnerability on Windows-based hosts install the security patch from Windows Update.

ODI dedicated server customers who do not have managed or semi-managed servers are strongly advised to apply this patch. For our client who have one of our managed services, we will be scheduling downtime in order to update your server. Please contact ODI support to schedule your server to be updated as soon as possible.

Because this vulnerability affects desktop operating systems as well we are encouraging all of our clients to apply the security patch to thier computers as well.

If you have any questions please contact ODI Support at support@oditech.com or 877-735-9299.

November 19, 2014 ODI Technologies, Inc.

About the author

ODI Technologies, Inc.

Recent Posts

  • Server Restored Contexts
    Server Restored ContextsJanuary 22, 2021
  • Universal Tagging System
    Universal Tagging SystemJanuary 22, 2021
  • Advanced JSON Script Parameters
    Advanced JSON Script ParametersJanuary 22, 2021

Popular Posts

  • Working with SVGs
    Working with SVGsJanuary 22, 2021
  • Top 5 Time Saving Tips
    Top 5 Time Saving TipsJune 8, 2017
  • Custom Function Database 13 – Parsing JSON
    Custom Function Database 13 – Parsing JSONJune 12, 2017
  • blog
  • terms of service
  • privacy policy
  • about us
Copyright ODI Technologies, Inc. All Rights Reserved
FileMaker is a trademark of FileMaker, Inc., registered in the U.S. and other countries.