Intrusion Prevention

MS.Windows.Kerberos.Delegation.Authentication.Bypass

Description

This indicates an attack attempt to exploit an Authentication Bypass vulnerability on Kerberos KDC in Microsoft Windows.
The vulnerability results from the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation by sending a crafted Kerberos request. A remote attacker can exploit this to bypass authentication on vulnerable systems.

Affected Products

Windows Server 2008 SP2
Windows Server 2008 R2 SP1
Windows Server 2012
Windows Server 2016
Windows Server 2019
Windows Server, version 1903, 1909, 2004, 20H2

Impact

Security Bypass: Remote attackers can bypass security checks of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049

CVE References

CVE-2020-17049