CVSS2: 9 High
Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS: 0.972 High (Percentile: 99.8%)
The Microsoft Windows Kerberos KDC contains a vulnerability that allows an authenticated, unprivileged domain user to escalate privileges to those of a domain administrator account and thereby compromise any computer on the domain.
CWE-347: Improper Verification of Cryptographic Signature
The Microsoft Windows Kerberos KDC fails to properly check for valid signatures in the Privilege Attribute Certificate (PAC) included with the Kerberos ticket request. A domain user may forge the information contained in the PAC to request higher user privileges than should be allowed. Since the KDC does not verify the signature correctly, it will award the user the requested privileges, effectively making the user a domain administrator and allowing complete compromise of the entire domain.
The Microsoft Research Security and Defense Blog has a more technical description of the vulnerability.
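The check whose absence the description above identifies (CWE-347) can be illustrated with an added example, which is not Microsoft's code and not part of the original note. It verifies a simplified authorization blob with a verifier-pinned keyed MAC and fails closed. The blob layout, the function names and the key are hypothetical and do not represent the real PAC format.

```python
import hashlib
import hmac
import json

# Hypothetical stand-in for a PAC: a dict of claims plus a MAC keyed with a secret
# only the issuing service holds. This is NOT the real PAC wire format.
ALLOWED_MACS = {"hmac-sha256": hashlib.sha256}  # keyed algorithms pinned by the verifier


class InvalidSignature(Exception):
    """The blob could not be proven authentic; callers must deny the request."""


def _canonical(claims: dict) -> bytes:
    # Deterministic serialization so issuer and verifier MAC the same bytes.
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def sign_authz_blob(claims: dict, key: bytes) -> dict:
    mac = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "alg": "hmac-sha256", "sig": mac}


def verify_authz_blob(blob: dict, key: bytes) -> dict:
    """Return the claims only if the MAC verifies; raise otherwise (fail closed)."""
    try:
        claims, alg, sig = blob["claims"], blob["alg"], blob["sig"]
    except (KeyError, TypeError) as exc:
        raise InvalidSignature("missing field") from exc
    if not (isinstance(claims, dict) and isinstance(alg, str) and isinstance(sig, str)):
        raise InvalidSignature("malformed blob")
    digest = ALLOWED_MACS.get(alg)
    if digest is None:
        # The sender never gets to select an algorithm the verifier has not pinned.
        raise InvalidSignature("algorithm not allowed")
    expected = hmac.new(key, _canonical(claims), digest).hexdigest()
    # Constant-time comparison over the whole MAC.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        raise InvalidSignature("signature mismatch")
    return claims


# Constructed sample data: the key and the claims are made up for this example.
ISSUER_KEY = b"constructed-demo-key"
TICKET = sign_authz_blob({"user": "alice", "groups": ["Domain Users"]}, ISSUER_KEY)
```

Any code path that consumes the claims without first calling the verifier, or that treats an exception as "proceed with defaults", reintroduces the weakness.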
An unprivileged domain user may escalate to domain administrator privileges, allowing the user to fully compromise any computer on the domain, including the domain controller.
Apply an update
Microsoft has released an update addressing this vulnerability. Please see Microsoft Security Bulletin MS14-068 for more information.
213119
Updated: November 18, 2014
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 9 | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Temporal | 7.4 | E:F/RL:OF/RC:C |
Environmental | 8.5 | CDP:MH/TD:H/CR:ND/IR:ND/AR:ND |
Microsoft credits the Qualcomm Information Security & Risk Management team, with special recognition for Tom Maddock.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2014-6324 |
---|---|
Date Public: | 2014-11-18 |
Date First Published: | |