Our friends at Ars Technica report that Microsoft has released a critical security patch for a very scary bug that allows attackers to gain control over Windows domain controllers.  Obviously, both Ars Technica and Falcon Computer Consulting LLC recommend installation/deployment of this patch on impacted systems as soon as possible.  

 

Further, Falcon Computer Consulting LLC always recommends that you ensure your systems (desktops/laptops, servers, mobile devices, and any other network or critical devices) be kept up-to-date with patches and security fixes.  Our firm can provide assistance with security and updates for all your systems and critical infrastructure.  Feel free to contact us for additional information and support.

 

 

Unscheduled Windows update kills critical security bug under active attack

   courtesy of Ars Technica

 

Bug gives untrusted users control over sensitive Windows domain controllers.

 

Microsoft has released an unscheduled update to patch a critical security hole that is being actively exploited to hack Windows-based servers.

 

A flaw in the Windows implementation of the Kerberos authentication protocol allows attackers with credentials for low-level accounts to remotely hijack extremely sensitive Windows domain controllers that allocate privileges on large corporate or government networks. The privilege elevation bug is already being exploited in highly targeted attacks and gives hackers extraordinary control over vulnerable networks.

 

Read More...