In November 2014, Microsoft issued a critical patch addressing a Kerberos issue on domain controllers. This vulnerability enables an attacker to leverage any authenticated session to create a Kerberos ticket which can have any group membership in the Active Directory domain, to include membership in domain admins, schema admins, enterprise admins, or BUILTIN\Administrators. In addition, a toolkit designed to exploit this vulneravbility has been published online since the beginning of December.
Michael Melone 