Exploit for Kerberos authentication vulnerability CVE-2020-17049

[German]A security researcher from NetSPI, who discovered the Kerberos authentication vulnerability CVE-2020-17049, has now published the details as well as an exploit. Anyone running an affected environment on Windows Server should react and patch now at the latest.


Kerberos authentication vulnerability CVE-2020-17049

In all Windows Server versions from Windows Server 2008 R2 SP1 up to Windows Server 20H2, the Kerberos authentication vulnerability CVE-2020-17049 exists. Roughly speaking, an attacker can authenticate under certain boundary conditions with an invalid Kerberos service ticket. As of December 8, 2020, Microsoft has released updates to close this Kerberos authentication vulnerability CVE-2020-17049. In addition, the article Managing deployment of Kerberos S4U changes for CVE-2020-17049 was published with guidance on the vulnerability and how to fix it.

Vulnerability disclosure with exploit

Security researcher Jake Karnes from NetSPI had discovered the vulnerability and reported it to Microsoft. Now that a security update for the affected Windows Server versions has been released by Microsoft on December 8, 2020, Karnes goes public.

With these three articles, he provides enough fodder for this Kerberos authentication vulnerability to be exploited on Windows Server systems acting as Active Directory domain controllers. Microsoft responded the same day with the document Managing deployment of Kerberos S4U changes for CVE-2020-17049 with guidance on the vulnerability and how to fix it. Affected administrators of such an environment should therefore react promptly and install the December 2020 updates as well as take the measures suggested by Microsoft to secure their servers.  (via)

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Update, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *