How to fix CVE-2014-6324?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Vendor patch is available.

Is Windows affected by CVE-2014-6324?

CVE-2014-6324 presents significant security risk rated CVSS 8.8. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems. This vulnerability is actively exploited in the wild (KEV-listed) and requires immediate remediation.

CVE-2014-6324

HIGH

2014-11-18 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:18 vuln.today

Added to CISA KEV

Oct 22, 2025 - 01:16 cisa

CISA KEV

PoC Detected

Oct 22, 2025 - 01:16 vuln.today

Public exploit code

Patch Released

Oct 22, 2025 - 01:16 nvd

Patch available

CVE Published

Nov 18, 2014 - 23:59 nvd

HIGH 8.8

Description

The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."

Analysis

The Windows Kerberos KDC fails to properly validate PAC signatures, allowing any authenticated domain user to forge Kerberos tickets and gain domain administrator privileges. Known as MS14-068, one of the most critical Active Directory vulnerabilities ever disclosed.

Technical Context

The KDC accepts PAC signatures using any checksum algorithm, including weak MD5 (instead of requiring the server's keyed checksum). An authenticated user can request a TGT without a PAC, then generate a forged PAC claiming domain admin membership, sign it with MD5, and present it to the KDC, which incorrectly validates it.

Affected Products

['Microsoft Windows Server 2003 SP2', 'Microsoft Windows Server 2008 SP2/R2 SP1', 'Microsoft Windows Server 2012/R2', 'All Active Directory domain controllers running affected versions']

Remediation

Apply Microsoft security update MS14-068 immediately to ALL domain controllers. Audit domain admin group membership for unauthorized additions. Check Kerberos event logs for anomalous TGT requests. Consider enabling PAC validation checks.

Priority Score

214

Low Medium High Critical

KEV: +50

EPSS: +90.3

CVSS: +44

POC: +20

CVE-2014-6324 vulnerability details – vuln.today

Back

CVE-2014-6324

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2014-6324

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code