search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Microsoft Windows Kerberos Key Distribution Center (KDC) fails to properly validate Privilege Attribute Certificate (PAC) signature

Vulnerability Note VU#213119

Original Release Date: 2014-11-18 | Last Revised: 2014-11-19

Overview

Microsoft Windows Kerberos KDC contains a vulnerability allowing an authenticated unprivileged domain user to escalate privileges to a domain administrator account, allowing the user to compromise any computer on the domain.

Description

CWE-347: Improper Verification of Cryptographic Signature

The Microsoft Windows Kerberos KDC fails to properly check for valid signatures in the Privilege Attribute Certificate (PAC) included with the Kerberos ticket request. A domain user may forge the information contained in the PAC to request higher user privileges than should be allowed. Since the KDC does not verify the signature correctly, it will award the user the requested privileges, effectively making the user a domain administrator and allowing complete compromise of the entire domain.

The Microsoft Research Security and Defense Blog has a more technical description of the vulnerability.

Impact

An unprivileged domain user may escalate to domain administrator privileges, allowing the user to fully compromise any computer on the domain, including the domain controller.

Solution

Apply an update

Microsoft has released an update addressing this vulnerability. Please see Microsoft Security Bulletin MS14-068 for more information.

Vendor Information

213119
Expand all

Microsoft Corporation

Updated:  November 18, 2014

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://technet.microsoft.com/library/security/MS14-068

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C
Temporal 7.4 E:F/RL:OF/RC:C
Environmental 8.5 CDP:MH/TD:H/CR:ND/IR:ND/AR:ND

References

Credit

Microsoft credits the Qualcomm Information Security & Risk Management team, with special recognition for Tom Maddock.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2014-6324
Date Public: 2014-11-18
Date First Published: 2014-11-18
Date Last Updated: 2014-11-19 17:34 UTC
Document Revision: 32

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.