Details emerge on Windows Kerberos vulnerability

"Microsoft's out-of-band update yesterday fixes a profoundly serious bug: Any user logged into the domain can elevate their own privilege to any other, up to and including Domain Administrator. When I saw in the advance notification, that one of the bugs was an elevation of privilege bug and rated critical I knew something different was up.


Later in the day Microsoft released a Security Research and Defense (SRD) Blog entry that explains the vulnerability in more, though still limited detail."