Endpoint Vulnerability

Microsoft: Kerberos Security Feature Bypass Vulnerability

Description

Are there any additional steps I need to take during deployment of this update? Yes, for complex domain environments a registry key has been provided to allow for deployment across domains before fully enabling the fix. In a complex forest, where Kerberos tickets may travel across multiple domains, we recommend following steps:Set the registry key to 0 (disabled). Complete the deployment to all DCs (and Read-Only DCs) in your forest. When deployment is complete, set the registry key to 1. A later release will remove this registry key and make ticket signatures required.

Affected Products

Windows Server, version 20H2 (Server Core Installation),Windows Server, version 2004 (Server Core installation),Windows Server, version 1903 (Server Core installation),Windows Server 2016,Windows Server 2012,Windows Server, version 1909 (Server Core installation),Windows Server 2019

References

CVE-2020-17049,