Solved

Microsoft Security Bulletin MS14-066 - Critical

Posted on 2014-11-19
4
291 Views
Last Modified: 2014-11-25
Vulnerability in Schannel Could Allow Remote Code Execution (2992611)

we are planning to deploy this out of band patch that released yesterday.
before that can I know whether it critical on Domain controllers and less critical on Servers. we will have to plan to patch it accordingly.

If it is critical on DCs, we will do right away. hope it can wait on other server editions for some time.
please confirm.

how about servers in DMZ, how critical in that environment?
0
Comment
Question by:Good
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 37

Accepted Solution

by:
Neil Russell earned 250 total points
ID: 40453267
As with ANY critical patch release, read the info from Microsoft.
https://technet.microsoft.com/en-us/library/security/ms14-066.aspx

This is over a week old now and yesterdays release was version 2 of the fix.  It is rated as critical on an OS basis, not what or where the OS installed.  A windows server is a windows server. AD is a role installed ontop of the server, therefore the server is still an affected server.
0
 

Author Comment

by:Good
ID: 40454136
affected OS is windows OS, but if we the component mainly affected is kerberos KDC which is main component of Domain controller?
0
 
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 250 total points
ID: 40460820
Good,
  Last Tuesday, an out of band announcement was made, and two security bulletins were impacted.
  First, MS14-066, concerning the SChannel update you mentioned originally, was updated.  They pulled back the Windows 2008 R2, and Windows 2012 patch and replaced them because folks were encountering issues with some of the encryption algorithms.  Yes, its bad, but it impacts may servers... not just DCs.
  Second, MS14-068 was released.  This is the one that impacts Kerberos on DCs.  Folks are running around screaming because apparently there are limited exploits, and I haven't seen that folks are saying that they are 'in the wild' yet.  Yes, install it on your DCs as soon as feasible, after testing of course.  The Microsoft bulletin indicates that it changes a check done by Kerberos, so unless someone is using malformed ticket requests, I don't anticipate problems with the changed code.  (In my testing thus far, I haven't seen any issues.)  The patch is being offered to other systems as well, apparently out of an overabundance of caution.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question