Windows Kerberos crashes due to security updates

Microsoft investigates new known issue that causes corporate domain controllers to experience Kerberos authentication problems Patch Tuesday, November 10th.

Το Kerberos αντικατέστησε το πρωτόκολλο NTLM σαν το προεπιλεγμένο πρωτόκολλο ελέγχου ταυτότητας για συσκευές συνδεδεμένες στο domain σε όλες τις εκδόσεις των Windows πάνω από τα Windows 2000.

Authentication protocols allow authentication of users, computers and services, allowing authorized services and users to access resources securely.

CVE-2020-17049 is a remote exploitation capability of the Kerberos Constrained Delegation (KCD) and exists in the way KDC determines whether service credentials can be used for KCD outsourcing.

Security updates behind authorization issues

"After installing KB4586781 on domain controllers (DC) and read-only domain controllers (RODC) in your environment, you may experience authentication problems in Kerberos," explains Microsoft.

"This is due to a problem with CVE-2020-17049 in these updates. As noted in CVE-2020-17049, there are three registry setting values ​​for PerformTicketSignature for testing, but in the current application you may experience different issues with each setting. ”

The problem only affects Windows servers, their devices Windows 10 and vulnerable applications in enterprise environments according to Microsoft.

Affected Windows platforms

Kerberos domain-controlled Windows devices that use MIT Kerberos spheres affected by this recently recognized issue include read-only domain controllers, as explained by Microsoft.

The server platforms affected by this issue are listed in the table below, along with the cumulative updates that cause domain controllers to experience problems with Kerberos authentication and post-installation ticket refresh.

Microsoft is working to fix this known issue and will release an update with additional details as more are available information.