Описание
Windows Kerberos Security Feature Bypass Vulnerability
FAQ
Are there any additional steps that I need to follow to be protected from this vulnerability?
The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Windows Defender Credential Guard Feature to leak Kerberos Credential.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows 10 for 32-bit Systems | ||
| Windows 10 for x64-based Systems | ||
| Windows Server 2016 | ||
| Windows 10 Version 1607 for 32-bit Systems | ||
| Windows 10 Version 1607 for x64-based Systems | ||
| Windows Server 2016 (Server Core installation) | ||
| Windows 10 Version 1809 for 32-bit Systems | ||
| Windows 10 Version 1809 for x64-based Systems | ||
| Windows Server 2019 | ||
| Windows Server 2019 (Server Core installation) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.1 High
CVSS3
Связанные уязвимости
Windows Kerberos Security Feature Bypass Vulnerability
Уязвимость реализации протокола Kerberos операционных систем Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
7.1 High
CVSS3