CVE-2014-6324: Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability

CVE-2014-6324: Technical Deep-Dive (Auto Refreshed)

Generated on 2026-03-31T17:00:08.489Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).

Executive Technical Summary

The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."

Context preserved from previous revision: The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability." 1. Use only isolated environments and systems you own or are explicitly authorized to test.

Technical Details

CVE: CVE-2014-6324
KEV date added: 2022-03-25
KEV due date: 2022-04-15
NVD published: 2014-11-19
NVD modified: 2025-10-22
MITRE modified: 2025-10-22
CVSS base score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS exploitability score: 2.8
CVSS impact score: 5.9
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality impact: High
Integrity impact: High
Availability impact: High

Versions and Products Impacted

microsoft / windows 7
microsoft / windows 8
microsoft / windows 8.1
microsoft / windows server 2003
microsoft / windows server 2008
microsoft / windows server 2008 (versions: r2)
microsoft / windows server 2012
microsoft / windows server 2012 (versions: r2)
n/a / n/a (versions: n/a)

Weakness Classification

NVD-CWE-noinfo
CWE-noinfo Not enough information

Repositories for Lab Validation (Public Examples)

Ostorlab/KEV | stars: 608 | updated: 2026-03-23 | https://github.com/Ostorlab/KEV
Notes: Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
PhamTuanAnh20225542/AD-Exploit-Framework | stars: 0 | updated: 2025-10-26 | https://github.com/PhamTuanAnh20225542/AD-Exploit-Framework

People and Organizations Mentioned

microsoft
Kerberos Key Distribution Center (KDC)
Ostorlab
PhamTuanAnh20225542

Practical Defensive Validation (Authorized Only)

Use only isolated environments and systems you own or are explicitly authorized to test.
Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
Inventory microsoft / windows 7 assets and confirm exact vulnerable versions with automated checks.
Patch in staged environments and validate closure with scanners + service health checks.
Map detections to MITRE ATT&CK tactics relevant to your environment and tune alert quality.

References

This content is for defensive security training and authorized validation only.