Microsoft has released a critical update to fix a bug in the Kerberos processing of nearly all Windows releases, which enables an attacker with domain credentials to become an Admin or in fact assume the identity of ANY other user without a password.
This is NOT April 1st, we are not kidding and if your mouth has just gone dry and your hands have started shaking, that is a very good start.
What to do (when you have got your wotsit back together): Read this.
You will notice that just as we said before, this is bad, really bad, and affects most of the stuff you are running. The only redeeming factor is that only users with domain accounts can do this and of course you know and trust every user with a domain account on your system, don’t you?
You must apply the update as soon as you can. This is currently being exploited in the wild and all the script kiddies and wannabe hackers (the ones with that live with their Mum especially, you know these people) are all over this like it’s the last slice of pizza on the planet.
Microsoft’s remediation advice makes for very chilling reading, so please get on with the updates before this becomes necessary: ‘The only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain.’. No biggy.
ITC’s NetSure360° managed security service has a number of components which can help quantify your risk, provide mitigation and remediation, and alert you to privilege escalation events across your estate.
We have instructed our SOC to be on the alert for privilege escalation, have programmed our systems accordingly and will be talking to our customers about how we can help them with this worrying situation.
If you would like to discuss this with one of our security specialists, please contact us on: 02075173900 or [email protected]
By the way, our money is on this being a little backdoor for Microsoft’s friends in Washington DC, but we wouldn’t put our lives on it !!