For Microsoft users, the second Tuesday of each month is when you update your software with security patches. Microsoft rarely issues fixes outside of its regular Patch Tuesday cycle, unless a dire emergency crops up. As such, consider Microsoft’s latest patch a fix for a dire emergency, and update as soon as possible accordingly.
Microsoft announced and implemented its MS14-068 security update on Nov. 18 in response to a Windows vulnerability that malicious hackers had exploited in the wild. This is unusual: Microsoft or security researchers usually discover flaws and patch them before malefactors ever have a chance to take advantage of them.
The page detailing the patch calls the elevation-of-privilege vulnerability “Critical.” This means that an attacker could access a computer’s administrative functions remotely without ever drawing a legitimate user’s attention. Since the flaw affects the Kerberos protocol for the Windows Server operating system, this is especially problematic.
Kerberos helps authenticate users on corporate machines. At present, exploiters had only targeted Windows Server 2008R2, but Microsoft theorizes that with enough work, the vulnerability could extend to Windows Server 2012 or even consumer versions of Windows.
Malicious hackers targeting corporate servers is a problem for obvious reasons. As such, getting the patch as soon as possible would is advantageous, especially for users who employ Microsoft products at work. Just open Windows Update and select “check for updates,” if it doesn’t download automatically.
There is a bit of bad news for those who believe their servers may have been compromised. The vulnerability gave malefactors more or less unrestricted access to back-end server functions. If you’ve detected signs of intrusion on your network, the only solution is to patch your machines and then rebuild the domain from scratch.
At least if your IT guru seems grumpy tomorrow, you’ll know why.