Intrusion Prevention



This indicates an attack attempt to exploit a Security Bypass vulnerability in the Kerberos authentication module of Microsoft Windows.
The vulnerability is due to Windows falling back to NTLM as the default authentication protocol during a domain account password change when Kerberos fails. A remote man-in-the-middle attacker may be able to intercept traffic and alter the cached credentials on the target machine, providing access to the vulnerable machine as the target user.

Affected Products

Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows RT 8.1
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2


Security Bypass: Remote attackers can bypass security checks of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.

CVE References