A new Microsoft vulnerability (CVE-2014-6332) that affects Microsoft Active Directory domain controllers was addressed by the vendor on November 18th. Microsoft released an out-of-band patch to help fix and address the risk immediately because there is evidence that hackers are currently exploiting this vulnerability.
For more technical details, please read the most recent Security and Defense blog posted by Microsoft and US Cert’s Alert (TA14-323A) Microsoft Windows Kerberos KDC Remote Privilege Escalation Vulnerability.
The vulnerability exists within Microsoft Kerberos, a key authentication protocol used by Windows Active Directory to authenticate users on a network. This software exploit could allow attackers to gain administrative privilege for an entire network and access any data stored on user computers. The only way to ensure that a network is secure after an attack is to re-build the Active Directory domain.
Swift installs Microsoft updates for all of our managed IT services and contract customers as part of their regularly scheduled maintenance. If you manage your own system security, Swift recommends that your IT staff run a Microsoft Windows update on all domain controllers ASAP. There is no immediate need to patch other servers and PCs, but be sure to install this update in your next security maintenance cycle.
Swift Systems is aware that security threats are constantly changing and evolving and we work diligently to protect our networks and yours at all times.
Please call Swift IT at 301.682.5100 or email sales@swiftsystems.com if you have any questions or concerns.
IT systems are foundational to modern businesses. Too often, that foundation is unsteady. Unpredictable outages, insecure networks, and unreliable performance from mission-critical systems can jeopardize your entire business.
There’s a better way. Learn how.
Get in touch with us for a free consultation with one of our technical experts. We’ll review your current systems, assess your needs, and identify the coverage options to best meet them.
Get in touch with us by phone: