Critical Windows Kerberos Flaw Exposes Millions of Servers to Attack


HackRead
#vulnerability#windows#microsoft#rce#auth

A critical vulnerability in the Windows Kerberos authentication protocol poses a significant risk to millions of servers. Microsoft addressed this issue in last week’s Patch Tuesday updates. Ensure these patches are installed to protect your systems.

Microsoft has released a patch for a critical vulnerability in Windows Kerberos, the authentication protocol Windows uses to verify host and user identities. The flaw allows an attacker to send crafted requests to a vulnerable system and gain unauthorised access up to and including remote code execution (RCE).

To exploit the flaw, an unauthenticated attacker must leverage a cryptographic protocol vulnerability in Windows Kerberos to achieve RCE, Microsoft explained in its Patch Tuesday advisory.

The vulnerability is tracked as CVE-2024-43639 and has a CVSS score of 9.8 (critical). Left unpatched, it could lead to severe consequences for organizations of all sizes, including data theft, system disruption, and complete system compromise. It is particularly concerning because Windows Server is so widely deployed and because the attack requires no authentication.

According to a Censys investigation shared with Hackread.com, there are over two million (2,274,340) Windows Server instances exposed to the internet, of which 1,211,834 are running versions in the affected range. Censys stresses that not all of these are actually exploitable: only servers configured as a Kerberos KDC proxy are affected.

“Note that displayed devices are only vulnerable when configured as a Kerberos KDC Proxy Protocol server,” Censys blog post read.

Over half of these devices had TCP/443 open, the default HTTPS port on which a KDC proxy listens, and the researchers urge administrators to confirm whether the KDC proxy role is actually enabled on their servers.

For background, the Kerberos protocols normally assume direct, reliable access to the KDC: UDP/TCP 88 for the Kerberos Authentication Service and Ticket Granting Service exchanges, and TCP 464 for Kerberos password changes, typically from within the same network or over a VPN. A KDC Proxy Protocol (KKDCP) server lets clients that lack that direct access tunnel those same exchanges to the KDC over HTTPS. It is typically deployed to support services such as Remote Desktop Gateway and DirectAccess.

Regarding the most impacted regions, Censys noted that 34% of these vulnerable servers are located in the United States, and 11% are associated with Armstrong Enterprise Communications, a managed IT provider.

System administrators should patch all Windows Servers configured as KDC proxies, disable the KDC Proxy service wherever it is not needed, and add compensating controls such as network segmentation and firewall rules so that the proxy is reachable only by the clients that require it.
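The following script is an added example for the checks and hardening steps described above (confirming whether a server is actually exposed as a KDC proxy, and disabling the role where it is not needed); it is not code from the Hackread article, Censys or Microsoft. It assumes facts from Microsoft's KDC proxy documentation rather than from the article: the proxy runs as the Windows service KPSSVC, it answers on the HTTP.sys URL reservation https://+:443/KdcProxy/, and its settings live under HKLM\SYSTEM\CurrentControlSet\Services\KPSSVC\Settings. The function and parameter names are the author's own. The script reports the OS build so it can be compared against the fixed build in Microsoft's advisory; it does not itself know which KB applies to a given OS.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session on the
# Windows Server being audited. Assumed (from Microsoft's KDC proxy documentation):
#   - the KDC proxy is the service KPSSVC
#   - it listens on the HTTP.sys reservation https://+:443/KdcProxy/
#   - its configuration lives at HKLM\SYSTEM\CurrentControlSet\Services\KPSSVC\Settings

function Get-KdcProxyExposure {
    [CmdletBinding()]
    param()

    $svc = Get-Service -Name 'KPSSVC' -ErrorAction SilentlyContinue
    $settingsPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\KPSSVC\Settings'
    $settings = Get-ItemProperty -Path $settingsPath -ErrorAction SilentlyContinue

    # HTTP.sys only routes /KdcProxy to the service if the URL is reserved.
    $urlaclText = (netsh http show urlacl) -join "`n"
    $kdcProxyUrl = if ($urlaclText -match '(?i)(https://[^\s]*/KdcProxy/?)') { $Matches[1] } else { $null }

    # Is anything listening on the default KKDCP port (HTTPS 443)?
    $listening443 = Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    [pscustomobject]@{
        ComputerName                    = $env:COMPUTERNAME
        OSVersion                       = $os.Version   # compare with the fixed build in the advisory
        KpsServicePresent               = [bool]$svc
        KpsServiceStatus                = if ($svc) { $svc.Status.ToString() } else { 'n/a' }
        KpsStartType                    = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }
        KdcProxyUrlReservation          = $kdcProxyUrl
        Port443Listening                = [bool]$listening443
        HttpsClientAuth                 = $settings.HttpsClientAuth                 # 1 = client cert required
        DisallowUnprotectedPasswordAuth = $settings.DisallowUnprotectedPasswordAuth
        HttpsUrlGroup                   = $settings.HttpsUrlGroup
        # Exposed only when the service is running AND the URL is reserved for it.
        ExposedAsKdcProxy               = [bool]($svc -and $svc.Status -eq 'Running' -and $kdcProxyUrl)
    }
}

function Disable-KdcProxy {
    # Stops and disables the KDC proxy and removes its URL reservation. Use only on
    # servers where the role is not needed (e.g. no RD Gateway / DirectAccess clients).
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $state = Get-KdcProxyExposure
    if (-not $state.KpsServicePresent) {
        Write-Verbose 'KPSSVC not present; nothing to disable.'
        return $state
    }
    if ($PSCmdlet.ShouldProcess('KPSSVC', 'Stop service and set startup type to Disabled')) {
        Stop-Service -Name 'KPSSVC' -Force -ErrorAction SilentlyContinue
        Set-Service -Name 'KPSSVC' -StartupType Disabled
    }
    if ($state.KdcProxyUrlReservation -and
        $PSCmdlet.ShouldProcess($state.KdcProxyUrlReservation, 'Delete HTTP.sys URL reservation')) {
        # Delete the exact reservation string that netsh reported, so the path matches.
        netsh http delete urlacl url=$($state.KdcProxyUrlReservation) | Out-Null
    }
    Get-KdcProxyExposure
}

# Usage:
#   Get-KdcProxyExposure | Format-List        # audit one host
#   Disable-KdcProxy -WhatIf                   # preview the hardening step
#   Disable-KdcProxy -Verbose                  # apply it on a host that does not need the role
```

On a server that legitimately runs the proxy, leave the role enabled, confirm the November 2024 cumulative update from the advisory is installed, and restrict inbound 443 to the gateway or VPN concentrators that actually need KKDCP; the ExposedAsKdcProxy field is the one to feed into a fleet-wide inventory.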

The situation is urgent: a large number of exposed servers run affected versions, and attackers routinely target weaknesses of this kind. Prompt patching combined with the measures above significantly reduces the risk.

  1. Hackers Exploit Global Windows Servers in SEO Fraud
  2. Hackers Use Excel Files to Deliver Remcos RAT on Windows
  3. Windows SmartScreen Flaw Enabling Data Theft in Stealer Attack
  4. NTLM Credential Theft in Python Apps Threaten Windows Security
  5. Attack Lets Hackers Downgrade Windows to Exploit Patched Flaws

Related news

November Patch Tuesday release contains three critical remote code execution vulnerabilities

The Patch Tuesday for November of 2024 includes 91 vulnerabilities, including two that Microsoft marked as “critical.” The remaining 89 vulnerabilities listed are classified as “important.”

November Microsoft Patch Tuesday

November Microsoft Patch Tuesday. 125 CVEs, 35 of which were added since October MSPT. 2 vulnerabilities with signs of exploitation in the wild: 🔻 Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039)🔻 Disclosure/Spoofing – NTLM Hash (CVE-2024-43451) No signs of exploitation, but with a private PoC of the exploit: 🔸 Remote Code Execution – Microsoft […]

2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.

Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.