MS.Windows.Kerberos.NTLM.Fallback.Authentication.Bypass
Description
This indicates an attack attempt to exploit a Security Bypass vulnerability in Kerberos authentication module of Microsoft Windows.
The vulnerability is due to Windows falling back to NTLM as the default authentication protocol during a domain account password change when Kerberos fails. A remote man-in-the-middle attacker may be able intercept traffic and alter the cached credentials on the target machine, providing access to the vulnerable machine as the target user.
Affected Products
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows RT 8.1
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Impact
Security Bypass: Remote attackers can bypass security checks of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://technet.microsoft.com/en-us/library/security/MS16-101
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-10 | 14.629 | Severity:medium:high |