TPS-2014-005 Kerberos Checksum Vulnerability (CVE-2014-6324) Advisory

This notice is to advise Joyent Public Cloud and Smart Data Center customers of the recently identified Kerberos Checksum Vulnerability (CVE-2014-6324) for anyone using Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2.

If you are running a Windows VM, your environment may allow remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket. For more information on this vulnerability as well as steps you can take to mitigate CVE-2014-6324, please see:

https://technet.microsoft.com/library/security/ms14-068

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6324

If you have any questions or concerns about CVE-2014-6324 please raise a ticket at https://help.joyent.com or by email to support@joyent.com.