MS.Windows.Kerberos.NTLM.Fallback.Authentication.Bypass

description-logoDescription

This indicates an attack attempt to exploit a Security Bypass vulnerability in Kerberos authentication module of Microsoft Windows.
The vulnerability is due to Windows falling back to NTLM as the default authentication protocol during a domain account password change when Kerberos fails. A remote man-in-the-middle attacker may be able intercept traffic and alter the cached credentials on the target machine, providing access to the vulnerable machine as the target user.

affected-products-logoAffected Products

Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows RT 8.1
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2

Impact logoImpact

Security Bypass: Remote attackers can bypass security checks of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://technet.microsoft.com/en-us/library/security/MS16-101

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-10 14.629 Severity:medium:high