Security News > 2020 > December > Windows Kerberos Bronze Bit attack gets public exploit, patch now
Proof-of-concept exploit code and full details on a Windows Kerberos security bypass vulnerability have been published earlier this week by Jake Karnes, the NetSPI security consultant and penetration tester who reported the security bug to Microsoft.
The security bug tracked as CVE-2020-17049 and patched by Microsoft during November 2020's Patch Tuesday can be exploited in what the researcher has named as Kerberos Bronze Bit attacks.
He has also published a low-level overview of the security bug with additional information on the Kerberos protocol, as well as practical exploit scenarios and details about how to implement and use Kerberos Bronze Bit attacks.
As explained by Karnes, the Kerberos Bronze Bit attack abuses the S4U2self and S4U2proxy protocols Microsoft added as Active Directory Kerberos protocol extensions.
A week after the CVE-2020-17049 security updates were issued, Microsoft also released out-of-band optional updates to fix the Kerberos authentication issues on all impacted Windows devices.
News URL
Related news
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Security pros baited with fake Windows LDAP exploit traps (source)
- New Web3 attack exploits transaction simulations to steal crypto (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now (source)
- Don't want your Kubernetes Windows nodes hijacked? Patch this hole now (source)
- Clone2Leak attacks exploit Git flaws to steal credentials (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-11 | CVE-2020-17049 | Incorrect Authorization vulnerability in multiple products A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD. | 0.0 |