Microsoft’s Kerberos Used in Targeted Attacks

Earlier this week Microsoft released an “out-of band” security update (MS14-068) to fix a flaw in Microsoft Windows Kerberos KBC, a Microsoft authentication system used by default in the operating system. The vulnerability was present in all Microsoft Windows server software that cybercriminals were exploiting to compromise whole networks of computers.

The update release comes only one week after Microsoft provided the monthly security patch updates for users. The flaw in Kerberos caused many problems for Microsoft according to Chris Goettl of IT management firm Shavlik:

“The attacker can impersonate any domain accounts, add themselves to any group, install programs, view, change, delete data, or create any new accounts they wish. This could allow the attacker to then compromise any computer in the domain, including domain controllers.”

Windows home users can breath a sigh of relief since the threat is only considered dangerous to organizations and businesses who have the Windows Server Systems. The threat is present in all supported versions of Windows from Windows Vista to Windows 8.1, and from Windows Server 2003 to Server 2012 R2. izations and businesses who have the Windows Server Systems. The threat is present in all supported versions of Windows from Windows Vista to Windows 8.1, and from Windows server 2003 to 2012 R2. Windows is urging users to install the patch immediately to avoid targeted attacks.

Download the patch here