Do move quickly on MS14-068 patch

This week's Microsoft MS14-068 security patch requires immediate action to protect customers, says Gavin Millard

This week has not been a great one for Windows administrators. After a huge Patch Tuesday, ridding the platform of some nasty remote code execution bugs and critical flaws in core components such as Schannel, another massive flaw affecting the platform has been disclosed out-of-band.

MS14-068, or CVE-2014-6324, is a critical bug in Kerberos that allows any domain user with a set of valid credentials to escalate their privileges to domain admin, gaining huge control of the infrastructure and enabling the elevated account to do whatever it desires on the platform.

Attackers require a valid corporate credential, but once one is obtained (something trivial in the age of big password dumps and malware everywhere) they can easily escalate to the prized domain admin account by forging a Privilege Attribute Certificate (PAC).

Unfortunately, once domain admin has been achieved, it's a trivial task to cover the tracks of the original attack and create new domain admin accounts for use in the future.
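Because the forged PAC is accepted by the domain controller as genuine, detection on the defender's side comes down to reviewing the logon events it leaves behind. The script below is an added example, not code from the author or from Tenable: it scans constructed Windows 4624 logon records and flags those whose account domain is not written in the expected NetBIOS form, an indicator that is assumed here for illustration rather than stated in the article; the field layout, domain name and addresses are all made up.

```python
"""Flag Windows logon events (ID 4624) whose account domain field does not use
the domain's expected NetBIOS name.  Added example for this article, not code
from the author or Tenable.  The indicator (a logon recorded with the account
domain in an unexpected, fully-qualified form) is an assumption used for
illustration, and every event below is constructed."""
from typing import Dict, List

# Constructed export of security events, one per line, as "key=value;" fields.
SAMPLE_EVENTS = """\
EventID=4624;TargetUserName=jdoe;TargetDomainName=CORP;LogonType=3;IpAddress=10.0.0.5
EventID=4624;TargetUserName=jdoe;TargetDomainName=corp.example.com;LogonType=3;IpAddress=10.0.0.5
EventID=4624;TargetUserName=svc-backup;TargetDomainName=CORP;LogonType=3;IpAddress=10.0.0.9
EventID=4672;TargetUserName=jdoe;TargetDomainName=CORP;LogonType=3;IpAddress=10.0.0.5
EventID=4624;TargetUserName=asmith;TargetDomainName=corp.example.com;LogonType=2;IpAddress=10.0.0.7
"""

EXPECTED_NETBIOS = "CORP"  # hypothetical short (NetBIOS) name of the domain


def parse_event(line: str) -> Dict[str, str]:
    """Split one 'key=value;...' record into a dictionary of fields."""
    return dict(field.split("=", 1) for field in line.strip().split(";") if field)


def suspicious_logons(raw: str, expected_netbios: str) -> List[Dict[str, str]]:
    """Return the 4624 events whose TargetDomainName is not the expected NetBIOS name."""
    hits = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        if event.get("EventID") != "4624":
            continue  # only successful-logon events carry the field we check
        domain = event.get("TargetDomainName", "")
        # Ordinary logons record the short name; any other form is worth a review.
        if domain.upper() != expected_netbios.upper():
            hits.append(event)
    return hits


if __name__ == "__main__":
    for event in suspicious_logons(SAMPLE_EVENTS, EXPECTED_NETBIOS):
        print(f"review: user={event['TargetUserName']} domain={event['TargetDomainName']} "
              f"from={event['IpAddress']} logon_type={event['LogonType']}")
```

On real data, feed the script an export of the domain controllers' 4624 events and treat each hit as a lead to correlate with account activity, not as proof of exploitation.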

MS14-068 in the real world would be like scribbling the word "pilot" on a boarding pass and being waved through the throng of travellers to the front of the plane.

The channel should test and deploy the patch immediately for customer organisations, moving MS14-068 to the front of the long line of patches required for organisations to remain secure.

Gavin Millard is EMEA technical director at Tenable Network Security