Microsoft “tops up” Patch Tuesday, issues delayed fix for zero-day hole in logon security

Microsoft has issued a “top up” security bulletin for a fix that didn’t quite make it into the November 2014 Patch Tuesday. The vulnerability can be used to turn any user into a domain administrator, and it’s been exploited in the wild…