The exploit for the Windows Kerberos Bronze Bit attack has been published

The proof-of-concept exploit code and full details on the Windows Kerberos security bypass vulnerability were released earlier this week by Jake Karnes, the NetSPI security consultant and penetration tester who reported the security bug to Microsoft.

Kerberos Bronze Bit

The security flaw, tracked as CVE-2020-17049 and patched by Microsoft during the November 2020 Patch Tuesday, can be exploited in what the researcher calls Kerberos Bronze Bit attacks.

Karnes provides a detailed report on the vulnerability and on how intruders can exploit it on vulnerable Windows systems.

He has also published a write-up of the security flaw with additional information on the Kerberos protocol, as well as practical exploitation scenarios and details on how to apply and use Kerberos Bronze Bit attacks.

The release of the proof-of-concept exploit code by Karnes on Tuesday was prompted by Microsoft publishing security updates required for the full mitigation of CVE-2020-17049 in vulnerable servers.

How the Kerberos Bronze Bit attack works

As Karnes explained, the Kerberos Bronze Bit attack exploits the S4U2self and S4U2proxy protocols added by Microsoft as Active Directory Kerberos protocol extensions.

The CVE-2020-17049 exploit is designed to bypass Kerberos delegation protections, allowing attackers to escalate privileges, impersonate targeted users, and move laterally in breached environments.
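
Because the attack abuses S4U2self and S4U2proxy, a useful defensive step alongside patching is to inventory which accounts are configured for delegation and which are flagged as non-delegable. The Python script below is an added example, not code from Karnes or Microsoft; it assumes directory records have already been exported with the `userAccountControl` and `msDS-AllowedToDelegateTo` attributes, and the sample records, host names and label strings are constructed for illustration.

```python
# Added example: inventory Kerberos delegation settings from exported AD records.
# SAMPLE_RECORDS is constructed data, not output from a real domain.

# userAccountControl bit values as documented by Microsoft.
TRUSTED_FOR_DELEGATION = 0x80000            # unconstrained delegation
NOT_DELEGATED = 0x100000                    # "Account is sensitive and cannot be delegated"
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # protocol transition (S4U2self)

SAMPLE_RECORDS = [
    {"sAMAccountName": "svc-web", "userAccountControl": 0x200 | TRUSTED_TO_AUTH_FOR_DELEGATION,
     "msDS-AllowedToDelegateTo": ["cifs/files01.example.test"]},
    {"sAMAccountName": "svc-report", "userAccountControl": 0x200,
     "msDS-AllowedToDelegateTo": ["MSSQLSvc/db01.example.test:1433"]},
    {"sAMAccountName": "APP01$", "userAccountControl": 0x1000 | TRUSTED_FOR_DELEGATION},
    {"sAMAccountName": "da-alice", "userAccountControl": 0x200 | NOT_DELEGATED},
    {"sAMAccountName": "bob", "userAccountControl": 0x200},
]

def classify(record):
    """Return the delegation-related labels that apply to one directory record."""
    uac = int(record.get("userAccountControl", 0))  # LDAP exports often give a string
    targets = record.get("msDS-AllowedToDelegateTo") or []
    labels = []
    if uac & TRUSTED_FOR_DELEGATION:
        labels.append("unconstrained")
    if targets:
        transition = uac & TRUSTED_TO_AUTH_FOR_DELEGATION
        labels.append("constrained+protocol-transition" if transition else "constrained-kerberos-only")
    elif uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
        labels.append("protocol-transition-no-targets")
    if uac & NOT_DELEGATED:
        labels.append("marked-non-delegable")
    return labels

def inventory(records):
    """Map every account that has at least one label to its labels and targets."""
    report = {}
    for rec in records:
        labels = classify(rec)
        if labels:
            targets = list(rec.get("msDS-AllowedToDelegateTo") or [])
            report[rec["sAMAccountName"]] = {"labels": labels, "targets": targets}
    return report

if __name__ == "__main__":
    for name, info in inventory(SAMPLE_RECORDS).items():
        print(f"{name:12} {', '.join(info['labels']):34} {info['targets']}")
```

Services that appear with a constrained-delegation label, and the hosts behind their target SPNs, are the ones to prioritise when confirming that the CVE-2020-17049 updates are fully deployed.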

Teo Ehc