Patch/Configuration Management, Vulnerability Management

Microsoft issues delayed elevation of privilege patch

Microsoft issued a patch for an elevation of privilege issue on Tuesday, a week after its official Patch Tuesday release.

The MS14-068 bulletin was initially listed as “release date to be determined.” The patch addresses a vulnerability in Kerberos, a computer network authentication protocol used in Windows, that could allow an attacker to elevate unprivileged domain user account privileges to those of a domain administrator account, according to Microsoft's release on the bulletins.

If these privileges were elevated, an attack could compromise any computer in the domain. However, for the vulnerability to be exploited, the attack must possess valid domain credentials.

Microsoft noted that it had only seen “limited, targeted attacks” trying to exploit this vulnerability.

November's Patch Tuesday involved 14 security bulletins, including four “critical,” eight “important,” and two “moderate.” One bulletin, MS14-075, still has a pending release date.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.