Tagged: microsoft

TA14-323A: Microsoft Windows Kerberos KDC Remote Privilege Escalation Vulnerability

Original release date: November 19, 2014

Systems Affected: Microsoft Windows Vista, 7, 8, and 8.1; Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2

Overview: A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution Center (KDC) in Microsoft Windows which could allow a remote attacker to take control of a vulnerable system. [1]

Description: The Microsoft Windows Kerberos KDC fails to properly check service tickets for valid signatures, which can allow aspects of the service ticket to be forged

Microsoft Releases Emergency Security Update

Microsoft today deviated from its regular pattern of releasing security updates on the second Tuesday of each month, pushing out an emergency patch to plug a security hole in all supported versions of Windows. The company urged Windows users to install the update as quickly as possible, noting that miscreants already are exploiting the weaknesses to launch targeted attacks. The update (MS14-068) addresses a bug in a Windows component called Microsoft Windows Kerberos KDC, which handles authenticating Windows PCs on a local network

VU#213119: Microsoft Windows Kerberos Key Distribution Center (KDC) fails to properly validate Privilege Attribute Certificate (PAC) signature

Vulnerability Note VU#213119: Microsoft Windows Kerberos Key Distribution Center (KDC) fails to properly validate Privilege Attribute Certificate (PAC) signature

Original Release date: 18 Nov 2014 | Last revised: 18 Nov 2014

Overview: Microsoft Windows Kerberos KDC contains a vulnerability allowing an authenticated unprivileged domain user to escalate privileges to a domain administrator account, allowing the user to compromise any computer on the domain.

Description: CWE-347: Improper Verification of Cryptographic Signature. The Microsoft Windows Kerberos KDC fails to properly check for valid signatures in the Privilege Attribute Certificate (PAC) included with the Kerberos ticket request. A domain user may forge the information contained in the PAC to request higher user privileges than should be allowed.

Apple Releases Security Updates for iOS, OS X Yosemite, and Apple TV

Original release date: November 17, 2014

Apple released security updates for iOS devices, OS X Yosemite and Apple TV to address multiple vulnerabilities, one of which could allow remote attackers to execute arbitrary commands.

Updates available include: iOS 8.1.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later; OS X Yosemite v10.10.1 for Macintosh; Apple TV 7.0.2 for Apple TV 3rd generation and later.

US-CERT encourages users and administrators to review Apple security updates HT6590, HT6572 and HT6592, and apply the necessary updates.