• Skip to primary navigation
  • Skip to main content
site logo
  • About
    • Approach
    • Partnerships
    • Mission
    • Leadership
    • Awards
    • Arraya Cares
  • Solutions
    • Solutions

    • Hybrid Infrastructure
      • Hyperconverged
      • Infrastructure as a Service
      • Servers, Storage, and Virtualization
      • Data Protection
      • Disaster Recovery & Business Continuity
    • Apps & Data
      • AI
      • Automation
      • Customizations
      • Visualizations & Integrations
      • Migrations
    • Network
      • Enterprise Networks
      • Wireless Connectivity
      • Cloud Networking Solutions
      • IoT
    • Cybersecurity
      • Endpoint Security
      • Network Security
      • Cloud Security
      • Application Security
    • Modern Workplace
      • Microsoft Licensing
      • Productivity & Collaboration
      • Modern Endpoint Deployment & Management
      • Microsoft Compliance & Risk
      • Backup
      • Cloud
  • Services
    • Services

    • Managed Services
      • Service Desk
      • Outsourced IT
      • Managed Security
      • Managed NOC
      • Arraya Adaptive Management for Microsoft Technologies
      • ADEPT: Arraya's White Label Program
    • Advisory Services
      • Assessments
      • Strategy
      • vCTO
      • vCISO
      • Enterprise Architecture
    • Staffing
      • Infrastructure Engineering
      • Security & Compliance
      • Application & Software
    • Professional Services
      • Project Management 
      • Systems Integration 
      • Mergers & Acquisitions
      • Knowledge & Skills Transfer 
  • Industries
    • Education
    • Finance
    • Healthcare
    • Legal
    • Manufacturing
    • Software and Services
  • Insights
    • News
    • Blog
    • Events
    • Videos
    • Case studies
  • Careers
  • CSP Login
search icon
Contact Us

Microsoft Releases Patch for Elevation of Privilege Vulnerability

Heads up: Microsoft has just released a critical update needed to patch an elevation of privilege vulnerability lurking in Kerberos KDC.

This flaw – known as Kerberos Checksum Vulnerability – could give an attacker the ability to increase the privileges of a standard user account up to the level of domain administrator. From there, the attacker might use those elevated privileges to compromise any computer in that domain – including the domain controllers.

The security update needed to correct the flaw has been rated critical for all supported editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. The update is also being offered on a defense-in-depth basis for all supported editions of Windows Vista, Windows 7, Windows 8, and Windows 8.1.

This vulnerability occurs when Microsoft Kerberos KDC implementations don’t accurately authenticate signatures. This failure could let an attacker forge a Kerberos service ticket and claim that he or she is actually a domain administrator. When Kerberos processes the forged request, the attacker would then essentially have free access to the network. The update seals up the vulnerability by correcting the signature verification issues.

In order to exploit this flaw, an attacker must have valid domain credentials. In addition, standard user accounts credentials are needed to break into a system. The vulnerability can’t be exploited using account credentials that are local access only.

Microsoft discovered the vulnerability through a coordinated vulnerability disclosure. So far, there have been limited, target efforts by attackers to take advantage of the Kerberos flaw. However, none of the attacks have affected Windows Server 2012 or Windows Server 2012 R2 environments.

If your team has enabled automatic updates, they should still take the time to make sure the patch has been fully installed. Even though Windows will automatically download and begin the installation, the patch won’t actually take effect until the domain controllers have been rebooted, so the risk will remain. If automatic updates haven’t been enabled, administrators will need to check for the necessary updates and then install them manually.

These are the types of situations where having a partner like Arraya Solutions can certainly come in handy. Arraya’s Manage 365+ can monitor your business environment to ensure it’s healthy, secure and running at the highest possible level. It can also take managing service requests, scheduled maintenance and updates off of your IT team’s plate, freeing your team up to focus on more pressing projects.

To find out more about how Arraya can help, visit www.ArrayaSolutions.com or reach out to your Arraya sales rep today.

Arraya Insights
Back to Top
Arraya Solutions logo

We combine technological expertise and personal service to educate and empower our customers to solve their individual IT challenges.

518 Township Line Road
Suite 250, Blue Bell, PA 19422

p: (866) 229-6234     f: (610) 684-8655
e: info@arrayasolutions.com

  • Careers
  • Privacy Policy
  • Contact Us

© 2025 Arraya Solutions. All rights reserved.

Facebook Twitter YouTube LinkedIn
Manage Cookie Consent
We use cookies to enhance your experience. By selecting “Accept,” you agree to our cookie policy.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}