In light of Microsoft’s release of the MS14-068 security patch, Gavin Millard, EMEA Technical Director at Tenable Network Security, has given the following advice on what organisations should do next to remain secure:
“This week has not been a great one for Windows administrators. After the huge Patch Tuesday, ridding the platform of some nasty remote code execution bugs and critical flaws in core components like Schannel, another massive flaw affecting the platform has also been disclosed out-of-band.
“MS14-068, or CVE-2014-6324, is a critical bug in Kerberos, allowing any domain user with a set of valid credentials to escalate their privileges to domain admin, gaining huge control of the infrastructure and enabling the elevated account to do whatever they desire on the platform. Attackers require a valid corporate credential, but once one is obtained, something that is trivial in the age of the big password dumps and malware everywhere, they can easily escalate to the prized domain admin account by forging a Privileged Access Certificate. Unfortunately, once domain admin has been achieved, it’s a trivial task to cover the tracks of the original attack and create new domain admin accounts for use in the future.
“MS14-068 in the real world would be like scribbling ‘pilot’ on a boarding pass and being waved through the throng of travellers to the front of the plane.
“Organisations should test and deploy the patch immediately, moving MS14-068 to the front of the long line of patches required to be deployed to remain secure.”