Microsoft fixes new Windows Kerberos security bug in staged rollout

silversurfer

Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout.

The vulnerability tracked as CVE-2020-16996 is exploitable remotely by attackers with low privileges as part of low complexity attacks where user interaction is not required.

CVE-2020-16996 exists on Active Directory DCs (Domain Controllers) and RODCs (Read-Only Domain Controllers) only on servers where the Protected Users global security group is available and the Resource-Based Constrained Delegation (RBCD) is enabled.

The vulnerability impacts only Windows Server platforms, from Windows Server 2012 up to the latest version, Windows Server, version 20H2 (Server Core installation).

Microsoft's security advisory says that there is no evidence of active exploitation of this security bug in the wild or of publicly available CVE-2020-16996 exploit code.

Kerberos is the default authentication protocol for domain-connected devices running Windows 2000 and later, and it enables authentication of users, computers, and services so that authorized services and users can securely access resources.
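The post names two preconditions for the bug (the Protected Users group being available and Resource-Based Constrained Delegation being configured) without showing how to check for them. The following PowerShell script is an added example, not part of the post or of Microsoft's advisory: it inventories RBCD targets, Protected Users members and domain controllers so an administrator can tell whether a domain is in scope while the staged rollout is applied. It assumes the RSAT ActiveDirectory module is installed and that the account running it has read access to the domain; the attribute name `msDS-AllowedToActOnBehalfOfOtherIdentity` is the real LDAP attribute that holds RBCD configuration.

```powershell
# Added example (not from the post or Microsoft's advisory): report the two
# preconditions the post names for CVE-2020-16996 so an admin can judge scope.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# 1. Objects (computers, users, service accounts) with Resource-Based Constrained
#    Delegation configured. The attribute stores a security descriptor naming the
#    principals allowed to act on behalf of other identities to this object.
$rbcdTargets = @(Get-ADObject -LDAPFilter '(msDS-AllowedToActOnBehalfOfOtherIdentity=*)' `
    -Properties msDS-AllowedToActOnBehalfOfOtherIdentity, objectClass)

# 2. Members of the Protected Users group (the group exists in 2012 R2+ domains).
$protectedUsers = @()
try {
    $protectedUsers = @(Get-ADGroupMember -Identity 'Protected Users' -Recursive)
} catch {
    Write-Warning "Protected Users group not found: $($_.Exception.Message)"
}

# 3. Domain controllers and RODCs, which the post says are where the bug lives.
$dcs  = @(Get-ADDomainController -Filter *)
$rodc = @($dcs | Where-Object { $_.IsReadOnly })

'Domain controllers: {0} ({1} read-only)' -f $dcs.Count, $rodc.Count
'Protected Users members: {0}' -f $protectedUsers.Count
'Objects with RBCD configured: {0}' -f $rbcdTargets.Count

# For each RBCD target, list which principals are permitted to delegate to it.
# The module normally returns the attribute as ActiveDirectorySecurity, but fall
# back to parsing the raw bytes in case it comes back as a byte array.
foreach ($obj in $rbcdTargets) {
    $raw = $obj.'msDS-AllowedToActOnBehalfOfOtherIdentity'
    if ($raw -is [byte[]]) {
        $sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
        $sd.SetSecurityDescriptorBinaryForm($raw)
    } else {
        $sd = $raw
    }
    $allowed = $sd.Access | ForEach-Object { $_.IdentityReference.Value }
    '{0} ({1}) <- {2}' -f $obj.Name, $obj.objectClass, ($allowed -join ', ')
}

# Both conditions present means every DC/RODC in this domain is in the
# affected configuration the post describes; prioritise the Kerberos update there.
if ($rbcdTargets.Count -gt 0 -and $protectedUsers.Count -gt 0) {
    Write-Warning 'Protected Users is populated and RBCD is configured: apply the update to all DCs and RODCs.'
}
```

Run it once before and once after the update on a domain-joined admin workstation; the RBCD listing is also worth keeping as a baseline, since any new entry in `msDS-AllowedToActOnBehalfOfOtherIdentity` is a change to who may impersonate users to that host and deserves review on its own.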