Executive Summary
| Informations | |||
|---|---|---|---|
| Name | TA14-323A | First vendor Publication | 2014-11-19 |
| Vendor | US-CERT | Last vendor Modification | 2014-11-19 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Overview A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution Center (KDC) in Microsoft Windows which could allow a remote attacker to take control of a vulnerable system. [1] DescriptionThe Microsoft Windows Kerberos KDC fails to properly check service tickets for valid signatures, which can allow aspects of the service ticket to be forged. The improper check allows an attacker to escalate valid domain user account privileges to those of a domain administrator account, which renders the entire domain vulnerable to compromise. At the time this release was issued, Microsoft was aware of limited, targeted attacks attempting to exploit this vulnerability. ImpactA valid domain user can pass invalid domain administrator credentials, gain access and compromise any system on the domain, including the domain controller. [2] SolutionAn update is available from Microsoft. Please see Microsoft Security Bulletin MS14-068 and Microsoft Research Security and Defense Blog for more details, and apply the necessary updates.[1, 3] |
Original Source
| Url : http://www.us-cert.gov/cas/techalerts/TA14-323A.html |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:28191 | |||
| Oval ID: | oval:org.mitre.oval:def:28191 | ||
| Title: | Kerberos checksum vulnerability - CVE-2014-6324 (MS14-068) | ||
| Description: | The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2014-6324 | Version: | 3 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 | |
| Os | 1 | |
| Os | 1 | |
| Os | 1 | |
| Os | 3 | |
| Os | 2 |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2014-11-20 | IAVM : 2014-A-0180 - Microsoft Windows Kerberos Privilege Escalation Vulnerability Severity : Category I - VMSKEY : V0057571 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-03-14 | Microsoft Windows Kerberos privilege escalation attempt RuleID : 36596 - Revision : 4 - Type : OS-WINDOWS |
| 2015-08-14 | Microsoft Windows Kerberos privilege escalation attempt RuleID : 35118 - Revision : 5 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-11-18 | Name : The remote implementation of Kerberos KDC is affected by a privilege escalati... File : smb_nt_ms14-068.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-11-19 21:35:49 |
|
| 2014-11-19 21:22:08 |
|
