Microsoft Releases Emergency Update for Windows Kerberos Vulnerability

Last Updated: 07/20/2016

Security Notice Level

SEVERE

Microsoft has released an emergency update for a Windows Kerberos vulnerability that allows an authenticated unprivileged domain user to escalate privileges to a domain administrator account.  This update addresses vulnerabilities that may allow attackers to take control of a vulnerable system.  

Affected Software

The IT Security Office advises owners of the software listed below update as soon as possible.

  • Windows Vista
  • Windows 7
  • Windows 8 and Windows 8.1
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012 and Windows Server 2012 R2
  • Server Core installation option

Security Bulletin Name

Microsoft Security Bulletin MS14-068 - Critical
Release date: November 18, 2014

Additional Information

Additional information about this vulnerability can be viewed at:
https://technet.microsoft.com/library/security/MS14-068

If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu.