Earlier today we erroniously posted an article noting that, regarding MS14-068 (the TLS patch), “it may be worth waiting to see if anyone else has problems with it“. That is not the case and all users should update as soon as is feasible. This update addresses a “vulnerability in Kerberos could allow elevation of privilege and could allow for forging of part of Kerberos service ticket.”.
Contrary to the earlier post, this update should be applied as soon as possible.
From the Microsoft Technet site directly (bold and italics added):
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only. When this security bulletin was issued, Microsoft was aware of limited, targeted attacks that attempt to exploit this vulnerability.