Описание
Windows Kerberos Elevation of Privilege Vulnerability
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.
Where can I find more information about what steps I need to take to be fully protected from this vulnerability?
The updates released on or after April 9, 2024 will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Server 2008 for 32-bit Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | ||
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | ||
| Windows Server 2012 | ||
| Windows Server 2012 (Server Core installation) | ||
| Windows Server 2012 R2 | ||
| Windows Server 2012 R2 (Server Core installation) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.5 High
CVSS3
Связанные уязвимости
Windows Kerberos Elevation of Privilege Vulnerability
Уязвимость реализации протокола Kerberos операционных систем Windows, позволяющая нарушителю повысить свои привилегии
Windows Authentication Elevation of Privilege Vulnerability
EPSS
7.5 High
CVSS3