Security News > 2020 > November > Microsoft Releases Out-of-Band Update for Kerberos Authentication Issues
Microsoft last week released an out-of-band update for Windows to address authentication issues related to a recently patched Kerberos vulnerability.
The issue is related to the PerformTicketSignature registry subkey value in CVE-2020-17049, a security feature bypass bug in Kerberos Key Distribution Center that Microsoft fixed on November 2020 Patch Tuesday.
"An out-of-band optional update is now available on the Microsoft Update Catalog to address a known issue affecting Kerberos authentication. As part of this issue, ticket renewal and other tasks, such as scheduled tasks and clustering, might fail. This issue only affects Windows Servers, and Windows 10 devices and applications in enterprise environments," Microsoft explains.
Microsoft warns that there are some issues that enterprises should be aware of when installing the update, related to the Microsoft Input Method Editor for Japanese or Chinese languages.
In a post last week, Microsoft Japan provided a series of recommendations on the steps that admins should take to address such issues, in addition to deploying the update to all of the DCs and RODCs in the environment.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-11 | CVE-2020-17049 | Incorrect Authorization vulnerability in multiple products A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD. | 6.6 |