Both Full installations and Server Core installations of Windows Server are affected. Affected Operating SystemsĪll supported Windows versions and Windows Server versions are affected, as far back as Windows Server 2008 and Windows 8.1. With a CVSS score of 9.4/8.2, the vulnerability has the potential to be both directly impactful and is also exceptionally simple to exploit.
The vulnerability was responsibly disclosed by James Forshaw of Google Project Zero and is therefore not yet being exploited in the wild. This could allow an attacker to potentially bypass authentication to access any service that is accessible through one or more SPNs. A given SPN can be registered on only one account.Ī vulnerability in Windows Kerberos allows an attacker to bypass Kerberos-based authentication and potentially authenticate to an arbitrary service principal name (SPN), allowing a connection without a password. This allows an application to request that the service authenticate an account even if the client does not have the account name.īefore the Kerberos authentication service can use an SPN to authenticate a service, the SPN must be registered on the account object that the service instance uses to log on. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. The AppContainer environment creates an identifier that uses the combined identities of the user and the application, so credentials are unique to each user/application pairing and the application cannot impersonate the user.Ī service principal name (SPN) is a unique identifier of a service instance. Managing identity and credentials, the AppContainer prevents the use of user credentials to gain access to resources or login to other environments. Controlling access to resources protects the process, the device, and the network. Granting access based upon least-privilege prevents applications and users from accessing resources beyond their rights. By isolating an application from unneeded resources and other applications, opportunities for malicious manipulation are minimized. Isolation is the primary goal of an AppContainer execution environment. With a CVS v3 score of 9.4/8.2 this is a critical update that should be remediated with the highest priority.
This month’s Patch Tuesday, Microsoft addresses a vulnerability that exists in the Windows Kerberos implementation for AppContainers.
0 kommentar(er)
