At a glance:
| ID | 49691 |
| Created | Dec 17, 2020 |
| Updated | Jan 12, 2021 |
| Severity |
|
| Coverage |
IPS (Regular DB)
IPS (Extended DB)
|
| Default Action | drop |
| Active |
|
| Affected OS | Windows |
| Affected App | Other |
Legend
| Enabled/Available |
|
| Disabled/Not Avaliable | 
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2021-01-04 | 16.990 | * |
| 2021-01-13 | 16.997 | Default_action:pass:drop |
Refine Search
Intrusion Prevention
MS.Windows.Kerberos.Delegation.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass vulnerability on Kerberos KDC in Microsoft Windows.
The vulnerability results from the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation by sending a crafted Kerberos request. A remote attacker can exploit this to bypass authentication on vulnerable systems.
Affected Products
Windows Server 2008 SP2
Windows Server 2008 R2 SP1
Windows Server 2012
Windows Server 2016
Windows Server 2019
Windows Server, version 1903, 1909, 2004, 20H2
Impact
Security Bypass: Remote attackers can bypass security checks of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049