Don't miss out on new posts! Sign up! Also, visit the VHT Forums!
Urgent Windows Kerb...
 
Notifications
Clear all

Urgent Windows Kerberos Security Feature Bypass Vulnerability CVE-2024-20674 patch

1 Posts
1 Users
0 Likes
542 Views
Brandon Lee
(@brandon-lee)
Posts: 408
Member Admin
Topic starter
 

Heads up, if you are running a Windows network with Active Directory Domain Services (AD DS). Microsoft has released an urgent Windows Kerberos Security Feature Bypass patch.

The security flaw in Windows Kerberos is identified as CVE-2024-20674. It is a vulnerability in the authentication process that could be misused for impersonation purposes.

“An unauthenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server,” Redmond’s security response team said.

Also, Microsoft noted that for an attacker to successfully exploit this issue, they must first have access to the protected network before initiating the attack.

This Windows Kerberos vulnerability is critical, with a CVSS severity score of 9 out of 10.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674

 
Posted : 09/01/2024 9:58 pm