Vulnerabilities ›

CVE-2014-6324

Critical 🇺🇸 CISA KEV ⚡ Exploit Available

Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability — The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain

                    Published: Mar 25, 2022                                          ·  Source: CISA_KEV                

CVSS v3

9.0

🔗 NVD Official

📄 Description (English)

🤖 AI Executive Summary

CVE-2014-6324 is a critical Kerberos KDC vulnerability in Microsoft systems that allows authenticated domain users to escalate privileges to domain administrator level. This vulnerability affects the core authentication mechanism used across enterprise networks, potentially compromising entire Active Directory domains.

📄 Description (Arabic)

ثغرة حرجة في خادم توزيع مفاتيح كيربيروس بمايكروسوفت تسمح للمستخدمين المصرح لهم في المجال بالحصول على امتيازات مسؤول المجال. تؤثر هذه الثغرة على آلية المصادقة الأساسية المستخدمة في شبكات المؤسسات وقد تؤدي إلى اختراق كامل نطاق Active Directory.

🤖 ملخص تنفيذي (AI)

This critical vulnerability in Microsoft's Kerberos implementation allows authenticated domain users to gain domain administrator privileges through the KDC. It represents a severe threat to Active Directory security and domain-wide access control.

🤖 AI Intelligence Analysis Analyzed: Apr 28, 2026 09:59

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1078.002 T1134.005 T1558.001 T1558.004

⚖️ Saudi Risk Score (AI)

9.0

/ 10.0

🔧 Remediation Steps (English)

Apply Microsoft security patches KB2992611 and related updates immediately. Implement network segmentation to restrict KDC access. Monitor domain controller logs for suspicious Kerberos ticket requests. Enforce strong password policies and multi-factor authentication for administrative accounts.

🔧 خطوات المعالجة (العربية)

طبق تحديثات الأمان من مايكروسوفت فوراً. قم بتقسيم الشبكة لتقييد الوصول إلى مركز توزيع المفاتيح. راقب سجلات وحدات التحكم في المجال للطلبات المريبة. فرض سياسات كلمات مرور قوية والمصادقة متعددة العوامل.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1 5.3.1

🔵 SAMA CSF

AC-2 AC-3 AC-6 IA-2 IA-4

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.2.2 A.9.2.5 A.9.4.3

🔗 References & Sources 0

No references.

📦 Affected Products / CPE 1 entries

Microsoft:Kerberos Key Distribution Center (KDC)

📊 CVSS Score

9.0

/ 10.0 — Critical

📋 Quick Facts

Severity Critical

CVSS Score9.0

EPSS88.40%

Exploit ✓ Yes

Patch ✓ Yes

CISA KEV🇺🇸 Yes

KEV Due Date2022-04-15

Published 2022-03-25

Source Feed cisa_kev

🇸🇦 Saudi Risk Score

9.0

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

kev actively-exploited

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2014-6324

💬 Comments

Introduce Yourself

Sign In Required