November 19, 2014

Microsoft issues emergency Kerberos patch

Hackers said to be escalating privileges in the wild following update delay last week.

By Jimmy Nicholls

Microsoft has issued an emergency patch for its authentication protocol Kerberos, after it found hackers attempting to exploit a bug.

Attackers can abuse the flaw to grant themselves extra privileges, allowing them to remotely compromise any computer within the affected domain. System admins have been advised to patch their machines.

Chris Goettl, product manager at security vendor Shavlik, said: "The attacker must have a valid domain user account, but with that user account they can forge a Kerberos ticket that will allow them to claim they are a domain administrator.

"From there they can do pretty much what they want from creating accounts to installing software and deleting or changing data."

The fix had been intended for release last week, alongside the regular Patch Tuesday update cycle, but was delayed for reasons yet unknown.

The incident also follows reports from Microsoft that its Secure Channel (SChannel) patch was causing a fatal Transport Layer Security (TLS) error in certain system configurations, leading services to become unresponsive.

"The update should be worked into your deployment plan this month as the vulnerabilities resolved are severe enough to warrant some urgency," Goettl added.
