MS14-068: Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780) (ESKIMOROLL)
High Nessus Plugin ID 79311
SynopsisThe remote implementation of Kerberos KDC is affected by a privilege
DescriptionThe remote Windows host is affected by a privilege escalation
vulnerability due to the Kerberos Key Distribution Center (KDC)
implementation not properly validating signatures. A remote attacker
can exploit this vulnerability to elevate an unprivileged domain user
account to a domain administrator account.
ESKIMOROLL is one of multiple Equation Group vulnerabilities and
exploits disclosed on 2017/04/14 by a group known as the Shadow
SolutionMicrosoft has released a set of patches for Windows 2003, Vista, 2008,
7, 2008 R2, 8, 2012, 8.1, and 2012 R2.