Microsoft has issued a critical Windows Server update and is
urging users to immediately patch domain controllers for a new Windows Kerberos
elevation of privilege vulnerability. The bug could allow an attacker to
elevate an unprivileged domain user account to a domain administrator
permission level, and ultimately take control of domain controllers or other
servers in the server domain. The bug in the Kerberos Key Distribution Center
affects Windows Server 2003, Windows Server 2008, Windows Server 2008 R2,
Windows Server 2012, and Windows Server 2012 R2.
An off-schedule patch has been released by Microsoft to deal
with this vulnerability. Clients who have ACT Managed Services protection
are being patched off-schedule to deal with this event. If you use other
patch management methods, we strongly recommend that you take the needed steps
to insure your server(s) are updated as quickly as possible.
No comments:
Post a Comment