MC680542 – Security hardening changes for Kerberos effective with the October 10, 2023 Windows Update

Check before: 2023-10-24

Product:

Office 365 general

Platform:

World tenant, Online, Windows Desktop

Status:

Change type:

Admin impact

Links:

Details:

Windows updates released today, October 10, 2023, and later, conclude the rollout of security enforcement to protect Windows Server domain controllers (DC) against a Kerberos security bypass vulnerability. This vulnerability also involves an elevation of privilege scenario and alteration of Privilege Attribute Certificate (PAC) signatures. All domain-joined machine accounts are affected by these vulnerabilities.


These changes have been gradually enforced through a series of phases, beginning with Windows updates released November 8, 2022. For details on configuring these security requirements in your environment, see KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967.


When will this happen:
As previously announced, Windows updates released on and after October 10, 2023 will have the following effect:


- Remove the ability to disable PAC signature addition (previously done via the registry subkey KrbtgtFullPacSignature).
- Remove support for Audit mode (this enabled authentication whether PAC signatures were missing or invalid, and created audit logs for review).
- Deny authentication to incoming service tickets without the new PAC signatures.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2023-10-11

Updated:
2023-10-11
