Security News > 2020 > November > Microsoft releases patching guidance for Kerberos security bug

Microsoft releases patching guidance for Kerberos security bug
2020-11-20 10:58

Microsoft has released additional details on how to fully mitigate a security feature bypass vulnerability in Kerberos KDC patched during this month's Patch Tuesday.

The remotely exploitable security bug tracked as CVE-2020-17049 exists in the way KDC decides if service tickets can be used for delegation via Kerberos Constrained Delegation.

Microsoft released security updates to address the Kerberos KDC security feature bypass earlier this month, during November 2020's Patch Tuesday.

Patching CVE-2020-17049 will cause some domain controllers to potentially encounter Kerberos authentication and Kerberos ticket renewal issues as Microsoft revealed on the Windows Health Dashboard on November 16.

The update cannot be installed via Windows Update or Microsoft Update channels because it is only available as stand-alone packages distributed through the Microsoft Update Catalog.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-patching-guidance-for-kerberos-security-bug/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-11-11 CVE-2020-17049 Incorrect Authorization vulnerability in multiple products
A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD. 		0.0
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 382 52 1419 2916 176 4563