Kerberos Bronze Bit Attack

CVE-2020-17049

Discovered: Published on December 8 along with the first phase of patching

Impacted Tech: Kerberos Key Distribution Center running on Windows 2000 or later

Attacker Location: Internal

Highlights: Public exploits available

A feature bypass vulnerability exists in the Kerberos Key Distribution Center that allows attackers to escalate privileges, impersonate users, and/or move laterally on the target network.

What should I do?

Microsoft released a guide to the phased patching approach it has taken to fix this vulnerability. The first phase of patching shipped with the December 8 set of patches, and Microsoft has also released guides and workarounds for those who cannot patch immediately.

The researcher who discovered the vulnerability, Jake Karnes of NetSPI, published two great breakdowns of the vulnerability, which we have linked below.

References:

Low-Level Overview: https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-theory/
High-Level Overview: https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-overview/
Microsoft Patching Help: https://support.microsoft.com/en-us/help/4598347/managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049
