Overview
The Microsoft Windows Kerberos KDC contains a vulnerability that allows an authenticated, unprivileged domain user to escalate privileges to a domain administrator account and thereby compromise any computer on the domain.
Description
CWE-347: Improper Verification of Cryptographic Signature

The Microsoft Windows Kerberos KDC fails to properly verify the signatures on the Privilege Attribute Certificate (PAC) included with a Kerberos ticket request. A domain user may forge the information contained in the PAC to request higher privileges than should be allowed. Because the KDC does not verify the signature correctly, it grants the user the requested privileges, effectively making the user a domain administrator and allowing complete compromise of the entire domain.
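As an added illustration, not code from the vulnerability note or from Microsoft, the check a KDC must perform on a PAC: require a keyed checksum type and recompute it under the KDC's own key, so that a PAC with altered group membership, or one carrying an internally consistent but unkeyed checksum, is rejected. The PAC body encoding is a constructed stand-in rather than the real PAC_INFO_BUFFER layout; the keyed checksum follows the RC4-HMAC construction of RFC 4757 section 4 with the PAC message type from MS-PAC; the key material is assumed.

```python
import hashlib
import hmac
import struct

# Checksum type ids from the Kerberos checksum registry as used in MS-PAC 2.8:
KERB_CHECKSUM_HMAC_MD5 = 0xFFFFFF76  # keyed HMAC-MD5; the only type accepted below
RSA_MD5 = 7                          # unkeyed MD5; anyone can compute it
KERB_NON_KERB_CKSUM_SALT = 17        # message type T used for PAC signatures
SIG_LEN = 4 + 16                     # 4-byte checksum type + 16-byte checksum

def encode_pac_body(user_rid, group_rids):
    """Constructed stand-in for a PAC body (NOT the real PAC_INFO_BUFFER layout)."""
    return struct.pack("<II", user_rid, len(group_rids)) + b"".join(
        struct.pack("<I", g) for g in group_rids)

def keyed_checksum(key, data):
    """RC4-HMAC checksum (RFC 4757 section 4): Ksign = HMAC-MD5(K, "signaturekey\\0"),
    result = HMAC-MD5(Ksign, MD5(T || data)) with T as a 4-byte little-endian int."""
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    inner = hashlib.md5(struct.pack("<I", KERB_NON_KERB_CKSUM_SALT) + data).digest()
    return hmac.new(ksign, inner, hashlib.md5).digest()

def sign_pac(body, key):
    """Append the signature block; the checksum covers the PAC with its checksum zeroed."""
    sig_type = struct.pack("<I", KERB_CHECKSUM_HMAC_MD5)
    return body + sig_type + keyed_checksum(key, body + sig_type + b"\x00" * 16)

def verify_pac(pac, key):
    """The check the KDC must perform: keyed type required, then HMAC recomputed."""
    if len(pac) < SIG_LEN:
        return False
    body, sig_type_raw, sig = pac[:-SIG_LEN], pac[-SIG_LEN:-16], pac[-16:]
    if struct.unpack("<I", sig_type_raw)[0] != KERB_CHECKSUM_HMAC_MD5:
        return False  # never trust the claimed type: an unkeyed checksum proves nothing
    expected = keyed_checksum(key, body + sig_type_raw + b"\x00" * 16)
    return hmac.compare_digest(expected, sig)

def check_cases():
    """Returns (genuine, tampered, unkeyed) verification results on constructed data."""
    key = b"constructed-krbtgt-key-not-a-real-secret"  # assumed KDC (krbtgt) key
    genuine = sign_pac(encode_pac_body(1105, [513]), key)  # member of Domain Users only
    # Same signature bytes, but the body now also claims RID 512 (Domain Admins).
    tampered = encode_pac_body(1105, [513, 512]) + genuine[-SIG_LEN:]
    # Self-consistent unkeyed MD5 "signature": no secret was needed to produce it.
    body = encode_pac_body(1105, [513, 512])
    unk_type = struct.pack("<I", RSA_MD5)
    unkeyed = body + unk_type + hashlib.md5(body + unk_type + b"\x00" * 16).digest()
    return verify_pac(genuine, key), verify_pac(tampered, key), verify_pac(unkeyed, key)
```

Only the first case passes; the tampered and unkeyed PACs are rejected because the verifier recomputes a keyed checksum rather than trusting the checksum type the ticket presents.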
Impact
An unprivileged domain user may escalate to domain administrator privileges, allowing the user to fully compromise any computer on the domain, including the domain controller.
Solution
Apply an update.
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 9 | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Temporal | 7.4 | E:F/RL:OF/RC:C |
Environmental | 8.5 | CDP:MH/TD:H/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Microsoft credits the Qualcomm Information Security & Risk Management team, with special recognition for Tom Maddock.
This document was written by Garret Wassermann.
Other Information
CVE IDs: CVE-2014-6324
Date Public: 2014-11-18
Date First Published: 2014-11-18
Date Last Updated: 2014-11-19 17:34 UTC
Document Revision: 34