Security News > 2020 > December > Windows Kerberos Bronze Bit attack gets public exploit, patch now
Proof-of-concept exploit code and full details on a Windows Kerberos security bypass vulnerability have been published earlier this week by Jake Karnes, the NetSPI security consultant and penetration tester who reported the security bug to Microsoft.
The security bug tracked as CVE-2020-17049 and patched by Microsoft during November 2020's Patch Tuesday can be exploited in what the researcher has named as Kerberos Bronze Bit attacks.
He has also published a low-level overview of the security bug with additional information on the Kerberos protocol, as well as practical exploit scenarios and details about how to implement and use Kerberos Bronze Bit attacks.
As explained by Karnes, the Kerberos Bronze Bit attack abuses the S4U2self and S4U2proxy protocols Microsoft added as Active Directory Kerberos protocol extensions.
A week after the CVE-2020-17049 security updates were issued, Microsoft also released out-of-band optional updates to fix the Kerberos authentication issues on all impacted Windows devices.
News URL
Related news
- Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (source)
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks (source)
- Cybercriminals exploit file sharing services to advance phishing attacks (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads (source)
- APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) (source)
- BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (source)
- Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE (source)
- Novel attack on Windows spotted in phishing campaign run from and targeting China (source)
- Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-11 | CVE-2020-17049 | Incorrect Authorization vulnerability in multiple products A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD. | 6.6 |