http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx Their supplemental blog indicates that patching domain controllers is enough to resolve the problem and the patches for additional operating systems is part of their defense-in-depth strategy. On Tue, 18 Nov 2014 13:30:05 -0500, David Graff <[log in to unmask]> wrote: >https://technet.microsoft.com/en-us/library/security/MS14-068 > >For anyone running an AD environment, MS released a new critical update to >address a privilege elevation attack that allows anyone with valid domain >user rights to elevate to domain admin. Targeted attacks are already >occurring using this vector. Get it patched on servers as quickly as >possible, especially DCs.