Microsoft fixes new Windows Kerberos security bug in staged rollout

Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout.

The vulnerability, tracked as CVE-2020-16996, is exploitable remotely by attackers with low privileges in low-complexity attacks that require no user interaction.

CVE-2020-16996 exists on Active Directory DCs (Domain Controllers) and RODCs (Read-Only Domain Controllers), and only on servers where the Protected Users global security group is available and Resource-Based Constrained Delegation (RBCD) is enabled.

The vulnerability impacts only Windows Server platforms, from Windows Server 2012 up to the latest release, Windows Server, version 20H2 (Server Core installation).
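The preconditions above (Protected Users group present, RBCD configured, DC or RODC on an affected build) can be inventoried from any domain-joined host with the RSAT ActiveDirectory module. This is an added example written for this post, not code from the article or from Microsoft; it only reads directory data and assumes the default domain of the current session.

```powershell
# Added example: audit the three conditions the advisory ties CVE-2020-16996 to.
# Requires the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# 1. Is the Protected Users group available? It exists once the domain
#    functional level is Windows Server 2012 R2 or later.
$protectedUsers = Get-ADGroup -Filter { Name -eq 'Protected Users' } -ErrorAction SilentlyContinue
if ($protectedUsers) {
    $members = @(Get-ADGroupMember -Identity $protectedUsers -Recursive)
    Write-Host ("Protected Users group present, {0} member(s)" -f $members.Count)
} else {
    Write-Host "Protected Users group not found (domain functional level may predate 2012 R2)"
}

# 2. Which accounts have RBCD configured? A populated
#    msDS-AllowedToActOnBehalfOfOtherIdentity attribute means some principal
#    is allowed to delegate to that account.
$rbcdTargets = @(Get-ADObject -LDAPFilter '(msDS-AllowedToActOnBehalfOfOtherIdentity=*)' `
    -Properties msDS-AllowedToActOnBehalfOfOtherIdentity, objectClass)
Write-Host ("Accounts with RBCD configured: {0}" -f $rbcdTargets.Count)
foreach ($obj in $rbcdTargets) {
    # The attribute is a binary security descriptor; decode it to list the
    # principals granted delegation rights on this account.
    $sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
    $sd.SetSecurityDescriptorBinaryForm($obj.'msDS-AllowedToActOnBehalfOfOtherIdentity')
    $principals = ($sd.Access | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    Write-Host ("  {0} ({1}) <- {2}" -f $obj.Name, $obj.objectClass, $principals)
}

# 3. List DCs and RODCs with their OS build so the patch status of each can be
#    checked against the staged update.
Get-ADDomainController -Filter * |
    Select-Object Name, IsReadOnly, OperatingSystem, OperatingSystemVersion |
    Format-Table -AutoSize
```

Any account listed in step 2 that is a DC or RODC from step 3 is where the advisory's conditions coincide and patch status should be verified first.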

Microsoft's security advisory says that there is no evidence of active exploitation of this security bug in the wild or of publicly available CVE-2020-16996 exploit code.

Kerberos is the default authentication protocol for domain-joined devices running Windows 2000 and later. It authenticates users, computers, and services so that authorized services and users can securely access resources.