-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2803
   Microsoft Security Bulletin MS15-122: Security Update for Kerberos to
               Address Security Feature Bypass (3105256)
                              11 November 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Windows
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Unauthorised Access -- Console/Physical
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-6095

Original Bulletin:
  https://technet.microsoft.com/en-us/library/security/MS15-122

- --------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS15-122: Security Update for Kerberos to Address
Security Feature Bypass (3105256)

Document Metadata

Bulletin Number:  MS15-122
Bulletin Title:   Security Update for Kerberos to Address Security Feature Bypass
Severity:         Important
KB Article:       3105256
Version:          1.0
Published Date:   November 10, 2015

Executive Summary

This security update resolves a security feature bypass in Microsoft Windows.
An attacker could bypass Kerberos authentication on a target machine and
decrypt drives protected by BitLocker. The bypass can be exploited only if the
target system has BitLocker enabled without a PIN or USB key.

This security update is rated Important for all supported editions of Windows.
For more information, see the Affected Software section.
Affected Software

  Windows Vista Service Pack 2
  Windows Vista x64 Edition Service Pack 2
  Windows Server 2008 for 32-bit Systems Service Pack 2
  Windows Server 2008 for x64-based Systems Service Pack 2
  Windows Server 2008 for Itanium-based Systems Service Pack 2
  Windows 7 for 32-bit Systems Service Pack 1[1]
  Windows 7 for x64-based Systems Service Pack 1[1]
  Windows Server 2008 R2 for x64-based Systems Service Pack 1[1]
  Windows Server 2008 R2 for Itanium-based Systems Service Pack 1[1]
  Windows 8 for 32-bit Systems[2]
  Windows 8 for x64-based Systems[2]
  Windows 8.1 for 32-bit Systems
  Windows 8.1 for x64-based Systems
  Windows Server 2012[2]
  Windows Server 2012 R2
  Windows 10 for 32-bit Systems[3]
  Windows 10 for x64-based Systems[3]
  Windows 10 Version 1511 for 32-bit Systems[3]
  Windows 10 Version 1511 for 64-bit Systems[3]
  Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  Windows Server 2012 (Server Core installation)[2]
  Windows Server 2012 R2 (Server Core installation)

[1] Note that update 3081320 in MS15-121 and update 3101746 in MS15-115 are
    releasing concurrently with 3101246 in this bulletin, MS15-122. Customers
    who intend to install all three updates manually on Windows 7 Service
    Pack 1 or Windows Server 2008 R2 Service Pack 1 should install the updates
    in the following order: 3101246 first, 3081320 second, and 3101746 third
    (this is taken care of automatically for customers with automatic updating
    enabled). For more information see the Known Issues section of Microsoft
    Knowledge Base Article 3105256.

[2] Note that update 3081320 in MS15-121 and update 3101746 in MS15-115 are
    releasing concurrently with 3101246 in MS15-122. Customers who intend to
    install all three updates manually on Windows 8 or Windows Server 2012
    should install the updates in the following order: 3101246 first, 3101746
    second, and 3081320 third (this is taken care of automatically for
    customers with automatic updating enabled). For more information see the
    Known Issues section of Microsoft Knowledge Base Article 3105256.

[3] Windows 10 updates are cumulative. In addition to containing non-security
    updates, they also contain all of the security fixes for all of the
    Windows 10-affected vulnerabilities shipping with the monthly security
    release. The updates are available via the Microsoft Update Catalog.

Vulnerability Information

Windows Kerberos Security Feature Bypass - CVE-2015-6095

A security feature bypass exists in Windows when Kerberos fails to check the
password change of a user signing into a workstation. An attacker who
successfully exploited the bypass could use it to unlock a workstation and
decrypt drives protected by BitLocker.

An attacker who has physical access to a target machine could bypass Kerberos
authentication by connecting a workstation to a malicious Kerberos Key
Distribution Center (KDC). The update addresses the bypass by adding an
additional authentication check.

Microsoft received information about the security feature bypass through
coordinated vulnerability disclosure. At the time this security bulletin was
originally issued, Microsoft was unaware of any attack attempting to exploit
this bypass.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.
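As an added defender-side check (not part of the Microsoft bulletin or of AusCERT's text), the PowerShell below audits the precondition stated in the Vulnerability Information above: an OS volume encrypted with BitLocker using the TPM alone, with no PIN or startup key, and whether the update is present. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 and later) and an elevated session; KB3101246 is the update id the bulletin names for Windows 7/8/Server 2008 R2/2012, while Windows 10 cumulative update ids differ and must be substituted.

```powershell
# Added audit script (not from the bulletin). Flags OS volumes that are
# BitLocker-protected by TPM only, which is the exposure MS15-122 describes,
# and checks whether the named update is installed.
# Assumes: BitLocker module present, elevated session.
$UpdateId = 'KB3101246'   # per the bulletin for Win7/8/2008 R2/2012; Win10 ids differ

# Key protector types that require a pre-boot factor a physical attacker lacks.
$PreBootFactor = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

function Test-BitLockerPreBootAuth {
    [CmdletBinding()]
    param()
    $findings = @()
    foreach ($vol in Get-BitLockerVolume) {
        if ($vol.VolumeType -ne 'OperatingSystem') { continue }
        $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $hasTpm = $types -contains 'Tpm'
        $hasFactor = @($types | Where-Object { $PreBootFactor -contains $_ }).Count -gt 0
        $findings += [pscustomobject]@{
            MountPoint      = $vol.MountPoint
            Protection      = [string]$vol.ProtectionStatus
            Protectors      = ($types -join ',')
            # True when the bulletin's precondition holds: encrypted, TPM only.
            TpmOnlyExposure = ([string]$vol.ProtectionStatus -eq 'On' -and $hasTpm -and -not $hasFactor)
        }
    }
    return $findings
}

function Test-UpdateInstalled {
    param([string]$Id = $UpdateId)
    # Get-HotFix lists installed updates; a missing id simply yields no match.
    return [bool](Get-HotFix | Where-Object { $_.HotFixID -eq $Id })
}

$results = Test-BitLockerPreBootAuth
$results | Format-Table -AutoSize
if ($results | Where-Object TpmOnlyExposure) {
    Write-Warning "OS volume is TPM-only: add a PIN or startup key (e.g. manage-bde -protectors -add C: -TPMAndPIN) and install $UpdateId."
}
if (-not (Test-UpdateInstalled)) {
    Write-Warning "$UpdateId not found in Get-HotFix output; confirm the applicable update for this OS is installed."
}
```

Adding a TPM+PIN protector with manage-bde requires the "Require additional authentication at startup" BitLocker policy to permit a PIN, so check Group Policy first if the command is refused.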
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================