Microsoft Issues an Out-of-Band Update Following Kerberos Issues Caused by a Security Patch


Microsoft has released an ad-hoc update after discovering that a recent Windows security patch was causing Kerberos authentication problems.

CVE-2022-37966, a privilege escalation vulnerability affecting Windows Server, was fixed in the Patch Tuesday updates released on November 8. An attacker who can gather data about the targeted system and exploit this high-severity flaw may be able to gain administrative rights. Microsoft gave the following explanation in its advisory for CVE-2022-37966.

According to Microsoft, an unauthenticated attacker could exploit cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment.
