Microsoft is investigating a new known issue that corporate domain controllers are experiencing problems Kerberos authentication, after installing security updates released to address CVE-2020-17049 during Patch Tuesday, November 10th.
Το Kerberos αντικατέστησε το πρωτόκολλο NTLM σαν το προεπιλεγμένο πρωτόκολλο ελέγχου ταυτότητας για συσκευές συνδεδεμένες στο domain σε όλες τις εκδόσεις των Windows πάνω από τα Windows 2000.
Authentication protocols enable the authentication of users, computers, and services, allowing authorized services and users have access to e.gconditions in a safe way.
CVE-2020-17049 is a remote exploitation capability of the Kerberos Constrained Delegation (KCD) and exists in the way KDC determines whether service credentials can be used for KCD outsourcing.
Security updates behind authorization issues
"After installing KB4586781 on domain controllers (DC) and read-only domain controllers (RODC) in your environment, you may experience authentication problems in Kerberos," explains Microsoft.
"This is due to a problem with CVE-2020-17049 in these updates. As noted in CVE-2020-17049, there are three registry setting values for PerformTicketSignature for testing, but in the current application you may experience different issues with each setting. ”
The problem only affects Windows servers, Windows 10 devices, and vulnerable applications in corporate environments, according to Microsoft.
Affected Windows platforms
Kerberos domain-controlled Windows devices that use MIT Kerberos realms are affected by this recently known issue include read-only domain controllers as explained by Microsoft.
The server platforms affected by this issue are listed in the table below, along with the cumulative updates that cause domain controllers to experience problems with Kerberos authentication and post-installation ticket refresh.
Affected platforms | |
Servant | Source of information |
Windows Server, version 20H2 | KB4586781 |
Windows Server, 2004 version | KB4586781 |
Windows Server, 1909 version | KB4586786 |
Windows Server, 1903 version | KB4586786 |
Windows Server 2019 | KB4586793 |
Windows Server 2016 | KB4586830 |
Windows Server 2012 R2 | KB4586845 |
Windows Server 2012 | KB4586834 |
Microsoft is working to fix this known issue and will release an update with additional details as soon as more information becomes available.