[HUB] MS14-068 - Vulnerability in Kerberos Could Allow Elevation of Privilege

Refers to:

  • Plesk for Windows

Created:

2016-11-16 12:46:36 UTC

Modified:

2016-12-21 19:11:11 UTC

0

Was this article helpful?


Have more questions?

Submit a request

[HUB] MS14-068 - Vulnerability in Kerberos Could Allow Elevation of Privilege

Information

Microsoft has revealed a vulnerability in Microsoft Windows Kerberos KDC. It affects all modern versions of Windows, including Windows Server 2003/2008/2012, Vista, 7, 8, 8.1.

Please refer to Microsoft TechNet article for details:

Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)

Impact

Microsoft has revealed a vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only. When the security bulletin was issued, Microsoft was aware of limited, targeted attacks that attempt to exploit this vulnerability.

This security update is rated Critical for all supported editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

Resolution

To close the vulnerability on Windows-based hosts install the security patch from Windows Update.

For specific Parallels products, here is the list of articles which you may refer to:

Parallels Plesk

Parallels Plesk Automation

Parallels Containers for Windows

Parallels Cloud Server

Parallels Virtual Automation

Parallels Operations Automation + Parallels Business Automation - Enterprise

Parallels Business Automation - Standard

Parallels H-Sphere

Parallels Helm

Have more questions? Submit a request
Please sign in to leave a comment.