Η Microsoft διερευνά ένα νέο γνωστό ζήτημα που προκαλεί στους ελεγκτές εταιρικών domains να αντιμετωπίσουν προβλήματα ελέγχου ID cards Kerberos, after installing security updates released to address CVE-2020-17049 during Patch Tuesday, November 10th.
Kerberos has replaced the NTLM protocol as the default authentication protocol for domain-connected devices on all versions of Windows above Windows 2000.
Authentication protocols allow authentication of users, computers and services, allowing authorized services and users to access resources securely.
CVE-2020-17049 is a remote exploitation capability of the Kerberos Constrained Delegation (KCD) and exists in the way KDC determines whether service credentials can be used for KCD outsourcing.
Security updates behind authorization issues
"After installing KB4586781 on domain controllers (DC) and read-only domain controllers (RODC) in your environment, you may experience authentication problems in Kerberos," explains Microsoft.
“This is due to one problem which was addressed with CVE-2020-17049 in these updates. As noted in CVE-2020-17049 , there are three registry setting values for PerformTicketSignature to check, but in your current implementation you may experience different issues with each setting. "
The problem only affects Windows servers, their devices Windows 10 and vulnerable applications in enterprise environments according to Microsoft.
Affected platforms of Windows
Kerberos domain-controlled Windows devices that use MIT Kerberos spheres affected by this recently recognized issue include read-only domain controllers, as explained by Microsoft.
The server platforms affected by this issue are listed in the table below, along with the cumulative updates that cause domain controllers to experience problems with Kerberos authentication and post-installation ticket refresh.
Affected platforms | |
Servant | Source of information |
Windows Server, version 20H2 | KB4586781 |
Windows Server, 2004 version | KB4586781 |
Windows Server, 1909 version | KB4586786 |
Windows Server, 1903 version | KB4586786 |
Windows Server 2019 | KB4586793 |
Windows Server 2016 | KB4586830 |
Windows Server 2012 R2 | KB4586845 |
Windows Server 2012 | KB4586834 |
Microsoft is working to fix this known issue and will release an update with additional details as soon as more information becomes available.