Microsoft Windows Kerberos Multiple Vulnerabilities( 09 February 2011 )
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
Kerberos Unkeyed Checksum Vulnerability
An elevation of privilege vulnerability exists in implementations of Kerberos. The vulnerability exists because the Microsoft Kerberos implementation supports a weak hashing mechanism, which can allow for certain aspects of a Kerberos service ticket to be forged. A malicious user or attacker who successfully exploited this vulnerability could obtain a token with elevated privileges on the affected system.
Kerberos Spoofing Vulnerability
A spoofing vulnerability exists in implementations of Kerberos on Windows 7 and Windows Server 2008 R2. The vulnerability exists because it is possible to downgrade Kerberos authentication to use DES instead of the default, stronger encryption standards included in Windows 7 and Windows Server 2008 R2.
Impact
- Elevation of Privilege
- Spoofing
System / Technologies affected
- Windows XP
- Windows Server 2003
- Windows 7
- Windows Server 2008 R2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
Vulnerability Identifier
Source
Related Link
Share with