DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 21, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 132 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

Microsoft rushes out patch for Kerberos protocol

Posted on Wednesday, November 19 2014 @ 15:12:43 CET by


Microsoft logo
Microsoft issued Security Bulletin MS14-068, an out-of-band security patch to fix a critical vulnerability in Kerberos, a security protocol used in all supported versions of Windows. Typically, Microsoft bundles all of its patches for Patch Tuesday, the second Tuesday of the month. The fact that this is an out-of-cycle update illustrates the severity of the vulnerability, but an exploit seems limited to enterprise customers because Kerberos is typically only used on servers installed within an Active Directory or similar network environment.
Security Bulletin MS14-068 covers a privilege escalation vulnerability in the Kerberos security subsystem, present in all currently supported versions of Windows. The flaw has been deemed Critical by Microsoft, the company's most serious of ratings - hence the out-of-band patch. Thankfully, it's a problem which is likely to only concern enterprise customers: while the Kerberos system is present in all versions of Windows, it is typically only used on servers installed within an Active Directory or similar network environment - thus only servers are likely to be at risk of active attack, and then only if the attacker already has valid credentials for the domain.

'This is pretty severe and definitely explains why Microsoft only delayed the release and did not pull it from the November Patch Tuesday release all together,' explained Chris Goettle, product manager at security specialist Shavlik, of the patch. 'Our recommendation, include this in your Patch Cycle ASAP.' The MS14-068 patch is one of two which were listed in Microsoft's November bulletin as having a release date 'to be determined,' suggesting that another out-of-band patch could appear before December's Patch Tuesday rolls around.
Source: Bit Tech



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba