FortiClient VulnerabilityMicrosoft Kerberos CVE-2020-17049 Security Feature Bypass Vulnerability
Description
Are there any additional steps I need to take during deployment of this update? Yes, for complex domain environments a registry key has been provided to allow for deployment across domains before fully enabling the fix. In a complex forest, where Kerberos tickets may travel across multiple domains, we recommend following steps:Set the registry key to 0 (disabled). Complete the deployment to all DCs (and Read-Only DCs) in your forest. When deployment is complete, set the registry key to 1. A later release will remove this registry key and make ticket signatures required.
Affected Applications
Windows Server version 20H2 (Server Core Installation)
Windows Server version 2004 (Server Core installation)
Windows Server version 1903 (Server Core installation)
Windows Server 2016
Windows Server 2012
Windows Server version 1909 (Server Core installation)
Windows Server 2019
CVE References
CVE-2020-17049Other References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049| ID | 65598 |
| Created | Nov 10, 2020 |
| Description Updated |
Dec 21, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Windows Server version 20H2 (Server Core Installation) , Windows Server version 2004 (Server Core installation) , Windows Server version 1903 (Server Core installation) , Windows Server 2016 , Windows Server 2012 , Windows Server version 1909 (Server Core installation) , Windows Server 2019 |