SB2017071120 - Two vulnerabilities in Kerberos implementation in Microsoft Windows
Published: July 11, 2017
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Improper authentication (CVE-ID: CVE-2017-8563)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in Microsoft Windows when Kerberos falls back to the NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol. A remote attacker can send specially crafted requests to a domain controller and trigger the fallback to the less secure authentication protocol.
Successful exploitation of the vulnerability may allow an attacker to perform a MitM attack, intercept network traffic and gain access to users’ credentials.
2) Security restrictions bypass (CVE-ID: CVE-2017-8495)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists when Kerberos fails to prevent tampering with the SNAME field during ticket exchange. An attacker who successfully exploited this vulnerability could use it to bypass Extended Protection for Authentication.
Remediation
Install the update from the vendor's website.