Quote:
Originally Posted by qasdfdsaq
Windows update.
Reboot.
Simples.
|
Not always that simple on a production domain controller and when the patch isn't on windows update. This new bug which lets any domain user become admin is a very nice privilege escalation goodie and is serious enough for MS to make an out-of-cycle patch quickly instead of waiting for the next patch date
Broken kerberos
Quote:
Vulnerability Details
CVE-2014-6324 allows remote elevation of privilege in domains running Windows domain controllers. An attacker with the credentials of any domain user can elevate their privileges to that of any other account on the domain (including domain administrator accounts).
The exploit found in-the-wild targeted a vulnerable code path in domain controllers running on Windows Server 2008R2 and below. Microsoft has determined that domain controllers running 2012 and above are vulnerable to a related attack, but it would be significantly more difficult to exploit. Non-domain controllers running all versions of Windows are receiving a “defense in depth” update but are not vulnerable to this issue.
|
http://blogs.technet.com/b/srd/archi...2014-6324.aspx
---------- Post added at 00:44 ---------- Previous post was at 00:39 ----------
Quote:
Originally Posted by joglynne
 I really must stop reading the threads in the Virus and Security Discussion area. They make me twitchy for the rest of the day as I wouldn't have a clue where to start dealing with the issues they raise. |
Mostly info for system administrators, so leave the worrying to them
You have a nice router giving you good protection via NAT (forget their mostly useless firewalls) so half of these problems can't get to you. So sleep well and forget all about the other half still left...