Microsoft issues "critical" out of band Windows Server patch

Software giant rolls out Windows Server update following reports of exploitation in the wild

Step 2: Keep your drivers and patches up-to-date

Microsoft has released a "critical" out of band patch for all supported versions of Windows Server to prevent hackers gaining unauthorised access to IT systems.

Redmond's patch targets a vulnerability affecting the Kerberos KDC, which is an authentication service used to verify users and services on open and unsecured networks, and could allow an 'elevation of privilege' attack to take place.

"The vulnerability exists when the Microsoft Kerberos KDC implementations fail to properly validate signatures, which can allow for certain aspects of a Kerberos service ticket to be forged," Microsoft explained in a security alert.

Microsoft has graded the vulnerability as "critical" and said it affects all supported versions of Windows Server, from 2003 to 2012.

"An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers," the Microsoft security alert warned.

The software giant also confirmed it was aware that "limited, targeted attacks" had already taken place, as hackers looked to exploit the Kerberos security flaw, but none of these had involved Windows Server 2012 or 2012 R2 users.

An update to address the issue was reportedly scheduled for inclusion in the November round of Patch Tuesday security fixes, but was postponed.

Wolfgang Kandek, CTO of security firm Qualys, said the fact the flaw is already being exploited explains why Microsoft has released it now, rather than wait for next month's Patch Tuesday.   

"This bulletin was held back due to some last minute testing needs," Kandek revealed.

"Now Microsoft releases it out-of-band because they have seen some limited exploitation of the vulnerability in the wild," he added. 

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021