Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

Re(3): Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

Fly — Thu, 20 Nov 2014 20:55:39 GMT

Und Ihr habt keinen NDA-Knebel? Schweinerei.

Re(7): Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

Fly — Thu, 20 Nov 2014 20:54:39 GMT

Na dann hast eh letzte Woche schon deine Arbeit getan.

Re(7): Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

nightmare11at — Thu, 20 Nov 2014 07:20:11 GMT

Jo, die EX13 CUs waren wirklich alle schlimm.

Re(6): Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

Ardjan — Wed, 19 Nov 2014 20:03:34 GMT

Bin ich froh dass ich nur für die Clients zuständig bin

Die Updates gehen zuerst an ein Handvoll auserlesene Benutzer, und wann alles funktioniert und nichts in den Medien aufscheint, gehen sie drei Tage später an alle User... Die Server werden von Kollegen betreut...

Re(6): Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

tridh — Wed, 19 Nov 2014 16:50:03 GMT

Hab's auf Heise auch schon gelesen..
Bei den ersten Exchange 2013 CUs wars genau so...
Ein Griff ins WC nach dem anderen momentan

Re(5): Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

nightmare11at — Wed, 19 Nov 2014 16:07:11 GMT

Naja, unsere SQL Server erlebten einen noch nie dagewesenen Performanceeinbruch. Das Problem haben auch andere. Nach Deinstallation des Patches normalisiert sich sofort wieder alles.

Re(4): Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

tridh — Wed, 19 Nov 2014 12:22:58 GMT

Hast du Infos zu den Problemen?
Gröbere Probleme zu erwarten?

Re(3): Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

nightmare11at — Wed, 19 Nov 2014 12:22:05 GMT

Wir sind Premier Kunden.

Ah ok

Wir haben letzte Woche auch den TLS Bug gepatched und jetzt haben wir das
gepatched.
Die Server hängen Großteils eh im WSUS aber wir müssen solche Patches ASAP
einspielen wegen Security,

Hier auch. Aber der TLS Fix hat uns vmtl. mehr Probleme bereitet als die Lücke selbst...

Re(2): Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

tridh — Wed, 19 Nov 2014 12:01:01 GMT

Wir sind Premier Kunden.
Wir haben letzte auch den TLS Bug gepatched und jetzt haben wir das gepatched.
Die Server hängen Großteils eh im WSUS aber wir müssen solche Patches ASAP einspielen wegen Security, Menschenleben usw...

Re(2): Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

tridh — Wed, 19 Nov 2014 12:01:01 GMT

Wir sind Premier Kunden.
Wir haben letzte Woche auch den TLS Bug gepatched und jetzt haben wir das gepatched.
Die Server hängen Großteils eh im WSUS aber wir müssen solche Patches ASAP einspielen wegen Security, Menschenleben usw...

Re: Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

nightmare11at — Wed, 19 Nov 2014 11:17:28 GMT

Habs auch schon gelesen. IMHO ziemlich kritisch.
Nachdem SChannel Update von letzter Woche, bin ich aber mit einer schnellen Verteilung sehr, sehr, sehr, sehr, sehr, sehr vorsichtig! Das habens ja ordentlich verbockt!

PS. Von welchem Dienst hast du Mail bekommen?

Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

tridh — Wed, 19 Nov 2014 10:16:43 GMT

Haben wir gestern Abend bekommen.

Today Microsoft released an out-of-band security update to address an issue affecting Microsoft Windows.

This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers.

An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only. When this security bulletin was issued, Microsoft was aware of limited, targeted attacks that attempt to exploit this vulnerability

This security update is rated Critical for all supported editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

The update is also being provided on a defense-in-depth basis for all supported editions of Windows Vista, Windows 7, Windows 8, and Windows 8.1. Severity ratings do not apply for these operating systems because the vulnerability addressed in this bulletin is not present. This update provides additional defense-in-depth hardening that does not fix any known vulnerability.

Note The update is available for Windows Technical Preview and Windows Server Technical Preview. Customers running these operating systems are encouraged to apply the update, which is available via Windows Update.

In addition to the new security bulletin, Microsoft has revised security bulletin MS14-066. The revision addresses known issues that a small number of customers experienced with the new TLS cipher suites that were included in the original release. Customers running Windows Server 2008 R2 or Windows Server 2012 who installed the 2992611 update prior to the November 18 reoffering should reapply the update. See Microsoft Knowledge Base Article 2992611 for more information.

Kerberos KDC - Microsoft Security Bulletin (Out-of-Band) Release

tridh — Wed, 19 Nov 2014 10:16:43 GMT

Haben wir gestern Abend bekommen.
Jetzt wird mal wild gepatched...

Today Microsoft released an out-of-band security update to address an issue affecting Microsoft Windows.

This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers.

An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only. When this security bulletin was issued, Microsoft was aware of limited, targeted attacks that attempt to exploit this vulnerability

This security update is rated Critical for all supported editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

The update is also being provided on a defense-in-depth basis for all supported editions of Windows Vista, Windows 7, Windows 8, and Windows 8.1. Severity ratings do not apply for these operating systems because the vulnerability addressed in this bulletin is not present. This update provides additional defense-in-depth hardening that does not fix any known vulnerability.

Note The update is available for Windows Technical Preview and Windows Server Technical Preview. Customers running these operating systems are encouraged to apply the update, which is available via Windows Update.

In addition to the new security bulletin, Microsoft has revised security bulletin MS14-066. The revision addresses known issues that a small number of customers experienced with the new TLS cipher suites that were included in the original release. Customers running Windows Server 2008 R2 or Windows Server 2012 who installed the 2992611 update prior to the November 18 reoffering should reapply the update. See Microsoft Knowledge Base Article 2992611 for more information.