chanasananp

Critical Security Vulnerability in Windows Kerberos Authentication Protocol: CVE-2024-43639

A high-severity flaw in the Windows Kerberos authentication protocol allows remote code execution. Immediate review and patching are recommended.


Vulnerability

A new critical vulnerability, CVE-2024-43639, has been identified in the Windows Kerberos authentication protocol. This flaw allows unauthenticated attackers to exploit a cryptographic weakness in Kerberos over HTTPS, enabling them to execute remote code on affected servers configured as KDC Proxy Protocol servers.


Vulnerability Details

  • Impact: Allows attackers to send specially crafted requests to exploit the Kerberos protocol over HTTPS.

  • Severity: High, with a CVSS score of 9.8/10.

  • The vulnerability affects: Windows Servers configured as KDC Proxy Protocol servers (servers that enable clients to connect to KDC servers over HTTPS).

  • The flaw involves: the use of the Kerberos protocol over HTTPS, where KDC Proxy encapsulates Kerberos messages within HTTPS requests.

  • Affected Systems:

    • Windows Server 2012, 2016, 2019, 2022, 2025 configured as KDC Proxy Protocol servers.

    • Requires KDC Proxy protocol to be enabled and TCP/443 (HTTPS) open.

  • Exclusions: Domain controllers are not affected.


Risks

Attackers can execute remote code on vulnerable systems, potentially compromising sensitive data or gaining full control over affected servers.


Mitigation and Recommendations

  1. Review Server Configurations:

    • Check if KDC Proxy Protocol is enabled and ensure proper configuration.

  2. Apply Patches:

    • Update systems to the latest patched versions provided by Microsoft to mitigate this vulnerability.

  3. Stay Updated:

    • While no active exploitation has been reported, organizations are urged to act promptly to safeguard their systems.
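
The configuration review in step 1 can be scripted per server. The PowerShell below is an added example, not code from Microsoft or from this post; it assumes the KDC Proxy runs as the `KPSSVC` service behind an HTTP.sys URL reservation containing `/KdcProxy`, and the function name `Get-KdcProxyExposure` is illustrative.

```powershell
# Added example: report whether this host matches the exposure conditions listed above
# (KDC Proxy enabled, TCP/443 open, not a domain controller).
function Get-KdcProxyExposure {
    [CmdletBinding()]
    param()

    # DomainRole 4 (backup DC) and 5 (primary DC): the advisory excludes domain controllers.
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $isDc = $cs.DomainRole -ge 4

    # KDC Proxy Server service (assumed service name: KPSSVC).
    $svc        = Get-CimInstance -ClassName Win32_Service -Filter "Name='KPSSVC'"
    $svcState   = if ($svc) { $svc.State } else { 'NotInstalled' }
    $svcRunning = $svcState -eq 'Running'

    # HTTP.sys URL reservations for the proxy endpoint (assumed path: /KdcProxy).
    $reservations = @(netsh http show urlacl |
        Select-String -Pattern '/KdcProxy' -SimpleMatch |
        ForEach-Object { ($_.Line -split ':', 2)[1].Trim() })

    # The advisory requires TCP/443 to be open; check for a local listener.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort 443 -ErrorAction SilentlyContinue)
    $listen443 = $listeners.Count -gt 0

    # The page names no KB number, so report the newest installed update
    # for manual comparison with Microsoft's guidance for CVE-2024-43639.
    $lastFix = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    [pscustomobject]@{
        ComputerName              = $cs.Name
        IsDomainController        = $isDc
        KdcProxyServiceState      = $svcState
        KdcProxyUrlReservations   = $reservations -join ', '
        ListeningOnTcp443         = $listen443
        NewestInstalledUpdate     = $lastFix.HotFixID
        NewestUpdateInstalledOn   = $lastFix.InstalledOn
        MatchesAdvisoryConditions = (-not $isDc) -and $svcRunning -and $listen443
    }
}

Get-KdcProxyExposure | Format-List
```

A host where `MatchesAdvisoryConditions` is `True` is a patching priority; a `/KdcProxy` reservation with the service stopped still deserves a look, since the proxy may be started later.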


Greenwill Solution offers comprehensive cybersecurity services, including vulnerability assessments and patch management.


Contact us today to secure your systems against critical threats.
