Zero-day vulnerability in Windows

Privilege escalation
CVE-2014-6324

Exploited by Duqu.

The vulnerability was reported by Qualcomm Information Security & Risk Management team.

Vulnerability details

Advisory: SB2014111801 - Privilege escalation in Microsoft Windows

Vulnerable component: Windows

CVE-ID: CVE-2014-6324

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-ID: CWE-310 - Cryptographic Issues

Description:

The vulnerability allows a remote authenticated attacker to obtain elevated privileges on the target system.

The weakness exists due to the failure to properly validate signatures in the Kerberos ticket by the Microsoft Kerberos KDC implementation. A remote attacker can forge a ticket and elevate an unprivileged domain user account to a domain administrator account.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Public Exploits:

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.